In order to not disable secure boot I try to sign the NVIDIA drivers by creating a X.509 key pair by the following:
openssl req -x509 -new -nodes -utf8 -sha256 -days 36500 -batch -config x509-configuration.ini -outform DER -out public_key.der -keyout private_key.priv
Using configuration.ini as:
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
O = name
CN = name
emailAddress = ...
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
Enroll the key in root:
mokutil --import public_key.der
and sign after reboot and append key in BIOS:
/usr/src/linux/scripts/sign-file sha512 ~/private_key.priv ~/public_key.der nvidia.ko
/usr/src/linux/scripts/sign-file sha512 ~/private_key.priv ~/public_key.der nvidia-uvm.ko
However, that breaks the drivers that otherwise works when simply disabling secure boot.
When calling nvidia-settings it will not open and I get this error: ERROR unable to load info from any available system
Am I missing something?