anticut
(anticut)
December 21, 2024, 3:50am
1
Hello,
I just upgraded to the latest coreOS image, and am getting this every time I bring up a terminal:
Failed Units: 1
akmods-keygen@akmods-keygen.service
Here is the output of systemctl status
:
Dec 20 13:23:46 my-pc kmodgenca[1540]: /etc/pki/akmods/private/my-pc-4218448284.priv
Dec 20 13:23:46 my-pc kmodgenca[1540]: /etc/pki/akmods/private/my-pc-2072618505.priv
Dec 20 13:23:46 my-pc kmodgenca[1540]: ERROR: BROKEN SYMLINK(S) TO THE DEFAULT KEY PAIR!
Dec 20 13:23:46 my-pc kmodgenca[1540]: Valid symlinks to a public and private key must exist.
Dec 20 13:23:46 my-pc kmodgenca[1540]: /etc/pki/akmods/certs/public_key.der: BROKEN
Dec 20 13:23:46 my-pc kmodgenca[1540]: /etc/pki/akmods/private/private_key.priv: WORKING
Dec 20 13:23:46 my-pc kmodgenca[1540]: Quitting.
Dec 20 13:23:46 my-pc systemd[1]: akmods-keygen@akmods-keygen.service: Main process exited, code=exited, status=3/NOTIMPLEMENTED
Dec 20 13:23:46 my-pc systemd[1]: akmods-keygen@akmods-keygen.service: Failed with result 'exit-code'.
Dec 20 13:23:46 my-pc systemd[1]: Failed to start akmods-keygen@akmods-keygen.service - Akmods Secure boot MOK Key Generation.
What has happened, and how can I fix it? Thanks
hricky
(Hristo Marinov)
December 21, 2024, 8:55am
2
Could you share the output of the sudo rpm-ostree status
command?
anticut
(anticut)
December 21, 2024, 11:42am
3
State: idle
AutomaticUpdates: disabled
Deployments:
● fedora:fedora/x86_64/coreos/stable (index: 0)
Version: 41.20241122.3.0 (2024-12-16T21:04:43Z)
BaseCommit: c81a94e71f7bbb4a7eaf1aa2162183d1c63fda4e5b7fb8a3054f42ff9607d8a1
└─ fedora-coreos-pool (2024-12-16T18:59:38Z)
Commit: 94b9e6f8dbc480c1e8af2bbd9bf3d577849bb89f1dd351f14586cdac88072afb
├─ fedora (2024-10-24T13:55:59Z)
├─ fedora-cisco-openh264 (2024-03-11T19:22:31Z)
├─ nvidia-container-toolkit (2024-12-04T12:02:48Z)
├─ rpmfusion-free (2024-10-27T07:49:25Z)
├─ rpmfusion-free-updates (2024-12-17T11:11:36Z)
├─ rpmfusion-nonfree (2024-10-27T07:58:23Z)
├─ rpmfusion-nonfree-updates (2024-12-17T11:30:28Z)
├─ updates (2024-12-20T13:31:04Z)
└─ updates-archive (2024-12-20T13:56:56Z)
Staged: no
StateRoot: fedora-coreos
GPGSignature: 1 signature
Signature made Tue Dec 17 07:06:19 2024 using RSA key ID D0622462E99D6AD1
Good signature from "Fedora <fedora-41-primary@fedoraproject.org>"
RemovedBasePackages: nfs-utils-coreos 1:2.8.1-1.rc1.fc41
InactiveRequests: bash-completion bsdtar socat wireguard-tools
LayeredPackages: adwaita-cursor-theme akmod-nvidia alacritty alsa-utils aria2
bemenu binutils cargo chromium ddcutil drm-utils dunst egl-gbm
ffmpeg firefox flatpak fzf gimp git google-noto-emoji-fonts
google-noto-sans-cjk-fonts google-noto-sans-fonts
google-noto-sans-mono-fonts google-roboto-fonts grim
igt-gpu-tools ImageMagick imv intel-media-driver iotop kanshi
levien-inconsolata-fonts lftp libdisplay-info libva-utils lz4
mako man-db man-pages mesa-dri-drivers mesa-va-drivers
mesa-vulkan-drivers moreutils mpv neovim netcat nfs-utils
numix-gtk-theme numix-icon-theme numix-icon-theme-circle
numix-icon-theme-square nvidia-container-toolkit-base p7zip
parallel parted pass pavucontrol pinentry-tty pipewire
pipewire-alsa pipewire-pulseaudio pipewire-utils
pulseaudio-utils remmina remmina-plugins-rdp remmina-plugins-vnc
ripgrep rpmfusion-free-release rpmfusion-nonfree-release rust
rust-src samba slurp strace sway swaybg swayidle swaylock
tcpdump thunar tmux virt-manager vulkan-tools waypipe wayvnc
wf-recorder wget wireplumber wl-clipboard wlopm
xdg-desktop-portal-wlr xeyes xorg-x11-drv-nvidia
xorg-x11-drv-nvidia-cuda xorg-x11-server-Xwayland yambar zathura
zathura-pdf-mupdf
fedora:fedora/x86_64/coreos/stable (index: 1)
Version: 40.20241019.3.0 (2024-10-26T12:34:27Z)
BaseCommit: 6df70065620571076f242857b9080d747891e2279dff3ed1756270f6889731ce
└─ fedora-coreos-pool (2024-10-25T20:48:29Z)
Commit: 6293cbff4bdc26dfdc50f834e99d08340b32a50cabf208f9a62e8381016999ae
├─ fedora (2024-04-14T18:51:11Z)
├─ fedora-cisco-openh264 (2024-03-12T11:45:42Z)
├─ nvidia-container-toolkit (2024-11-09T02:28:15Z)
├─ rpmfusion-free (2024-04-20T12:11:51Z)
├─ rpmfusion-free-updates (2024-11-04T00:01:20Z)
├─ rpmfusion-nonfree (2024-04-20T12:18:23Z)
├─ rpmfusion-nonfree-updates (2024-11-04T00:19:19Z)
├─ updates (2024-11-08T04:05:04Z)
└─ updates-archive (2024-11-09T03:00:45Z)
StateRoot: fedora-coreos
GPGSignature: 1 signature
Signature made Sat Oct 26 22:36:19 2024 using RSA key ID 0727707EA15B79CC
Good signature from "Fedora <fedora-40-primary@fedoraproject.org>"
RemovedBasePackages: nfs-utils-coreos 1:2.7.1-0.fc40
InactiveRequests: bash-completion bsdtar socat wireguard-tools
LayeredPackages: adwaita-cursor-theme akmod-nvidia alacritty alsa-utils aria2
bemenu binutils cargo chromium ddcutil drm-utils dunst egl-gbm
ffmpeg firefox flatpak fzf gimp git google-noto-emoji-fonts
google-noto-sans-cjk-fonts google-noto-sans-fonts
google-noto-sans-mono-fonts google-roboto-fonts grim
igt-gpu-tools ImageMagick imv intel-media-driver iotop kanshi
levien-inconsolata-fonts lftp libdisplay-info libva-utils lz4
mako man-db man-pages mesa-dri-drivers mesa-va-drivers
mesa-vulkan-drivers moreutils mpv neovim netcat nfs-utils
numix-gtk-theme numix-icon-theme numix-icon-theme-circle
numix-icon-theme-square nvidia-container-toolkit-base p7zip
parallel parted pass pavucontrol pinentry-tty pipewire
pipewire-alsa pipewire-pulseaudio pipewire-utils
pulseaudio-utils remmina remmina-plugins-rdp remmina-plugins-vnc
ripgrep rpmfusion-free-release rpmfusion-nonfree-release rust
rust-src samba slurp strace sway swaybg swayidle swaylock
tcpdump thunar tmux virt-manager vulkan-tools waypipe wayvnc
wf-recorder wget wireplumber wl-clipboard wlopm
xdg-desktop-portal-wlr xeyes xorg-x11-drv-nvidia
xorg-x11-drv-nvidia-cuda xorg-x11-server-Xwayland yambar zathura
zathura-pdf-mupdf
Pinned: yes
siosm
(Timothée Ravier)
January 8, 2025, 11:46am
4
Secure Boot signed NVIDIA kernel modules require some manual setup. See: Akmods does not sign compiled module when using rpm-ostree · Issue #499 · fedora-silverblue/issue-tracker · GitHub
Looks like you are using Fedora CoreOS as a desktop. You should probably take a look at Fedora Sway Atomic.
anticut
(anticut)
January 17, 2025, 10:20pm
5
Thanks, I have looked at that issue and related ones, but I’m still not sure how to fix this. Can you please spell it out for me a little more? Secure Boot has always been disabled on this computer.
I had considered it, but felt that too many things were pre-installed on Sway Atomic that I did not need or use.
siosm
(Timothée Ravier)
January 18, 2025, 4:16pm
6
If you need support for the NVIDIA driver then I recommend looking at the Universal Blue images .