Installing nvidia drivers on a fedora 36 (in dual boot with windows 11) with secure boot enabled

Just trying to help, no blame, no shame …

Hmmmmmm

You backed out of Fedora yet you are offering advice to people using fedora on a fedora forum?

You certainly may do as you wish, but please make your posts relevant to the topic at hand.

Hey @computersavvy Do you have any idea why this model appears?
Intel® UHD Graphics 630 Table (CFL GT2) / Intel® UHD Graphics 630 Table

I have followed the same steps that you recommended in another post to install my nvidia drivers.

You and I have the same laptop, have you already installed F36?

Yes, I am running F36. The only issue I can note is that with wayland the external monitor does not work, but with xorg it does.
Which command gave you that output?

This has been a very helpful thread, thanks to all who have contributed. I am seeing a similar error, attempting to do the same thing as OP.

I have a new system with Windows 11 and Fedora 36 dual booting, with secure boot enabled.

I’m not able to load the installed nvidia kernel module, and I’m seeing the following warnings on boot:

Jul 02 10:50:34 [host] kernel: Kernel command line: BOOT_IMAGE=(hd0,gpt5)/vmlinuz-5.18.7-200.fc36.x86_64 root=UUID=b1b7445c-1009-4132-a382-31f0b8eb6559 ro rootflags=subvol=root rhgb quiet rd.driver.blacklist=nouveau modprobe.blacklist=nouveau nvidia-drm.modeset=1 initcall_blacklist=simpledrm_platform_driver_init
Jul 02 10:50:34 [host] dracut-cmdline[377]: Using kernel command line parameters:  rd.driver.pre=btrfs   BOOT_IMAGE=(hd0,gpt5)/vmlinuz-5.18.7-200.fc36.x86_64 root=UUID=b1b7445c-1009-4132-a382-31f0b8eb6559 ro rootflags=subvol=root rhgb quiet rd.driver.blacklist=nouveau modprobe.blacklist=nouveau nvidia-drm.modeset=1 initcall_blacklist=simpledrm_platform_driver_init
Jul 02 17:50:42 [host] systemd[1]: Starting nvidia-powerd.service - nvidia-powerd service...
Jul 02 17:50:42 [host] /usr/bin/nvidia-powerd[1014]: nvidia-powerd version:1.0(build 1)
Jul 02 17:50:42 [host] systemd[1]: Starting nvidia-fallback.service - Fallback to nouveau as nvidia did not load...
Jul 02 17:50:42 [host] kernel: nouveau 0000:01:00.0: NVIDIA GA107 (b77000a1)
Jul 02 17:50:42 [host] systemd[1]: Finished nvidia-fallback.service - Fallback to nouveau as nvidia did not load.
Jul 02 17:50:42 [host] audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=nvidia-fallback comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jul 02 17:50:43 [host] /usr/bin/nvidia-powerd[1014]: Allocate client failed 38
Jul 02 17:50:43 [host] /usr/bin/nvidia-powerd[1014]: Failed to initialize RM Client
Jul 02 17:50:43 [host] systemd[1]: nvidia-powerd.service: Main process exited, code=exited, status=1/FAILURE
Jul 02 17:50:43 [host] systemd[1]: nvidia-powerd.service: Failed with result 'exit-code'.
Jul 02 17:50:43 [host] systemd[1]: Failed to start nvidia-powerd.service - nvidia-powerd service.
Jul 02 17:51:08 [host] nvidia-settings-user.desktop[3517]: ERROR: NVIDIA driver is not loaded

I have followed the instructions from the RPM Fusion nvidia install guide(s).

I have loaded my secure boot key into the bios and can verify it’s loaded on next reboot:

$ mokutil --list-enrolled | grep Issuer
        Issuer: CN=Fedora Secure Boot CA
                CA Issuers - URI:https://fedoraproject.org/wiki/Features/SecureBoot
        Issuer: O=[org], OU=[department]/emailAddress=[email-address], L=[city], ST=[state code], C=[country code], CN=[hostname]

I can verify the kernel module exists:

$ sudo akmods --force
Checking kmods exist for 5.18.7-200.fc36.x86_64            [  OK  ]


$ dnf list installed kmod-nvidia*
Installed Packages
kmod-nvidia-5.18.7-200.fc36.x86_64.x86_64

Here is the nvidia drivers and libraries currently installed:

$ rpm -qa |grep nvidia |sort
akmod-nvidia-510.68.02-2.fc36.x86_64
kmod-nvidia-5.18.7-200.fc36.x86_64-510.68.02-2.fc36.x86_64
nvidia-persistenced-510.68.02-1.fc36.x86_64
nvidia-settings-510.68.02-1.fc36.x86_64
xorg-x11-drv-nvidia-510.68.02-2.fc36.x86_64
xorg-x11-drv-nvidia-cuda-510.68.02-2.fc36.x86_64
xorg-x11-drv-nvidia-cuda-libs-510.68.02-2.fc36.x86_64
xorg-x11-drv-nvidia-kmodsrc-510.68.02-2.fc36.x86_64
xorg-x11-drv-nvidia-libs-510.68.02-2.fc36.x86_64
xorg-x11-drv-nvidia-power-510.68.02-2.fc36.x86_64

Here are the graphics processors installed in my laptop:

$ lspci |grep -iE "VGA|3D"
00:02.0 VGA compatible controller: Intel Corporation Alder Lake-P Integrated Graphics Controller (rev 0c)
01:00.0 3D controller: NVIDIA Corporation GA107M [GeForce RTX 3050 Ti Mobile] (rev a1)

I’m not sure what next to check? My company does add a bios password to our laptops when the windows 11 image is deployed. I don’t remember being requested to to enter the bios password when I first ran the MOK interface on first reboot after importing the key. I wonder if it silently failed to add the key to the bios? However, wouldn’t the test with "mokutil --list-enrolled " fail to find the key on the next boot up then?

Did you already have the nvidia driver installed and kernel 5.18.7 installed before you did the step with mokutil?

If you did then the kernel module was built without the key.

The steps in post 5 on this thread should help you. I listed most of the steps below just in case.
https://discussion.fedoraproject.org/t/installing-nvidia-drivers-on-a-fedora-36-in-dual-boot-with-windows-11-with-secure-boot-enabled/74814/5

I would suggest that you first remove the kmod-nvidia package dnf remove kmod-nvidia then reinstall akmod-nvidia dnf reinstall akmod-nvidia. Wait at least 5 minutes after the reinstall then run the command dnf list installed *nvidia* to see if the kmod-nvidia package was rebuilt (as it should be). If it was then reboot and see if the nvidia modules are now loaded lsmod | grep -iE 'nouveau|nvidia.

If that shows the nvidia modules then things should be working correctly. If it shows the nouveau packages then look at the logs and see if it shows the same as before journalctl -b -0 | grep -iE 'secure|nvidia|nouveau'

If it is still falling back to the nouveau drivers with secure boot active then it seems likely that the key is not actually active

Sorry but a lot of hype globally about NVidia … try Nouveau drivers, does it work? Maybe it’s only what you need. Further NVidia publishes a list of driver versions specific to each hardware version. Just explore, download and install .run file. Everything comes out from a box as the firm uses exclusively Linux with ARM processors.

Thanks @computersavvy , that was it (reinstalling the nvidia kernel module after the secure boot key had been enabled properly).

I originally attempted to setup the secure boot keys first, but then realized I did not have any dynamic kernel modules installed yet, so there was no kmodgenca utility yet. I proceeded to install the akmod-nvidia package figuring it would add the required utilities for secure boot setup - which it did. However, I had not realized that the nvidia kernel module would not be built on next reboot using that key.

For anyone else having this issue, my system failed to recognize the new nvidia kernel module again on next boot with nvidia-powerd.service failing to start. When I tried to start the nvidia-powerd.service after boot up to look at the errors, it actually started fine. I figured there must have been an operations order issue with the kmod being built after that service tries to start on boot up. I rebooted again and got a kernel panic. I rebooted a third time and everything worked perfectly. I have updated and restarted several times since and had zero issues. My gnome settings is now listing both my Nvidia and Intel Mesa graphics cards as well.

It actually takes some time for the module to be configured and loaded. When I switched from secure boot off to on it took a total of 4 reboots for things to work properly.

Glad to hear that everything is now working as it should. :grinning:

I am sorry, but you should be aware that if you use the .run file downloaded from nvidia then there is no way to properly sign the modules created thus secure boot cannot ever be enabled. This was about properly enabling secure boot with the nvidia drivers.