This blog focuses on installing Nvidia driver and few other drivers using the mokutil signing functionality.
1. Create a pair of key on system to sign the modules.
openssl req -new -x509 -newkey rsa:2048 -keyout /home/user/Nvidia.key -outform DER -out /home/user/Nvidia.der -nodes -days 36500 -subj "/CN=Graphics Drivers"
2. Add the key (Enroll using mok)
First command will ask for a password. After reboot enter the same password. (** Prompt will ask for characters in specific position of the password. Do not enter the whole password. **)
sudo mokutil --import /home/user/Nvidia.der
sudo reboot
Check if keys are enrolled
sudo mokutil --list-enrolled # or sudo mokutil --list-enrolled | grep -i Graphics
3. Update the dkms sign file if adding using dkms
Updated the /etc/dkms/sign_helper.sh. Add/update the line with the newly created key paths.
/lib/modules/"$1"/build/scripts/sign-file sha512 /home/user/Nvidia.priv /home/user/Nvidia.der "$2"
Update /etc/dkms/framework.conf Uncomment the line where sign_tool is mentioned
sign_tool="/etc/dkms/sign_helper.sh"
If you have already added dkms modules before changing the sign file, first remove and then add them again.
sudo dkms status # Check status of dkms module
sudo dkms remove <module>/<version> -k <kernel_version>
Eg. sudo dkms remove hid-asus-rog/1.0.2 -k 5.10.0-8-amd64
sudo dkms status # Check uninstalled again
sudo dkms add . # in the cloned directory of dkms module
sudo dkms build <module>/<version>
sudo dkms install <module>/<version>
4. Installing Nvidia driver
For installing Nvidia driver using the .run file and enrolled keys. Get-the-Driver-here
sudo sh ./NVIDIA-Linux-x86_64-460.73.01.run -s --module-signing-secret-key=/home/user/Nvidia.key --module-signing-public-key=/home/user/Nvidia.der
If this does not work try removing -s from the command above.
Top comments (0)