Hello, I tried to sign in nvidia drivers with secure boot enabled and most probably entered wrong password, because I thought that when you are entering password you will see it on screen like stars or actual numbers to appear, but it displayed nothing while I typed and at first I thought that my num keys are off, so most probably I entered it twice : (
I tried to roll-back and install nvidia drivers again, but it does not recreate or delete old key. How to fix this?
Thank you
sudo mokutil --reset activated bios mok keys reset process
Can’t remember where is the keys stored on system, but after resetting mok keys from bios you can go create and sign new keys and do signing process again
When I run the command it asks for input password.
What password should I enter?
it says: “password should be 1~256 characters”
It would be nice if this information could be on this page:
You give first your username/admin password and then create new password to sign the key the command is sudo aka root to start sign
And when you are signing the mok on restart with blue screen thingy enter the password created to sign the key
I followed the instructions and it seems it created the key
When I run:
mokutil --list-enrolled
it is showing:
3bb010e24d fedoraca
f1300450a5 fedora-125061121
but when OS boots it says: “nvidia kernel module missing rolling back to nuveu”
Maybe when creating signing in key I need to disable secure boot?
You first followed the secure boot guide and rebooted and you get blue screen where it asked to sign MOK key
After that you need to install Nvidia drivers from guide
sudo rpm-ostree install akmod-nvidia xorg-x11-drv-nvidia
sudo rpm-ostree install akmod-nvidia xorg-x11-drv-nvidia-cuda #optional if using nvidia-smi or cuda
sudo rpm-ostree kargs --append=rd.driver.blacklist=nouveau --append=modprobe.blacklist=nouveau --append=nvidia-drm.modeset=1 # this might not be needed at some point when ostree systems will support the standard way to specify this.
Choose what you install and after first setup do the rpm-ostree karts line and then reboot
I disabled secure boot and booted to the OS and now terminal not launching nor “software” app, nor settings, nor system monitor… : (
You can check a similar discussion and solutions here.
1 Like
This shows the key is installed. It also can be verified with the command seen in the file /usr/share/doc/akmods/README.secureboot
sudo mokutil --test-key /etc/pki/akmods/certs/public_key.der
However, even if the key is enrolled, the fact the driver may have been installed before the key was created would mean it is not signed and must be recreated.
sudo akmods --force --rebuild should manage the installation of a newly signed module, and once that completes then reboot with secure boot enabled should properly load the driver.
This command does not work in Silverblue.
I wonder maybe it would work if I could register already installed drivers with the key when secure boot is off and turn secure boot back on afterwards (like in U-blue)?
Sudo aka root?
How to initiate key creation dialogue from terminal or “Software” application manually while secure boot is off or NVIDIA drivers not installed?
Damn sorry so much typos and seems like this is for atomic so secure boot enabled and follow this
After this and reboot you get the signing screen sign the key and then install drivers
https://rpmfusion.org/Howto/NVIDIA
Rpm-ostree section
Oh, so it still require work-around? It seemed like it already had to work from the OS : (
Added nvidia, silverblue
That should be the locally created key for signing the nvidia modules.
To verify it run sudo mokutil --test-key /etc/pki/akmods/certs/public_key.der
If that works then you need to look at the thread here about properly using secure boot on the atomic systems (possibly Howto/NVIDIA - RPM Fusion)
Thank you : )