Ubuntu – How to install nvidia driver with secure boot enabled

driversnvidiasecure-bootuefi

I found this post:
nvidia-smi command not found Ubuntu 16.04 | Ask Ubuntu

Which says that with IUEF secure boot enabled nvidia-smi could not found in ubuntu:

$ nvidia-smi
nvidia-smi: command not found

Any idea on how to enable secure boot with nvidai driver funcioning?

I found this article on solving the secure boot issue with virtual box, just still have little idea on how MOK manager works:

VirtualBox + Secure Boot + Ubuntu = fail | √ėyvind Stegard blog

Best Answer

Try this:

- Step 1: Download latest driver from NVIDIA website, https://www.geforce.com/drivers.

- Step 2: Create new pair private key (Nvidia.key) and public key (Nvidia.der) by entering command:

openssl req -new -x509 -newkey rsa:2048 -keyout PATH_TO_PRIVATE_KEY -outform DER -out PATH_TO_PUBLIC_KEY -nodes -days 36500 -subj "/CN=Graphics Drivers"

Example:

openssl req -new -x509 -newkey rsa:2048 -keyout /home/itpropmn07/Nvidia.key -outform DER -out /home/itpropmn07/Nvidia.der -nodes -days 36500 -subj "/CN=Graphics Drivers"

- Step 3: Enroll public key (nvidia.der) to MOK (Machine Owner Key) by entering command:

sudo mokutil --import PATH_TO_PUBLIC_KEY

Example:

sudo mokutil --import /home/itpropmn07/Nvidia.der

--> This command requires you create password for enrolling. Afterwards, reboot your computer, in the next boot, the system will ask you enroll, you enter your password (which you created in this step) to enroll it. Read more: https://sourceware.org/systemtap/wiki/SecureBoot

- Step 4: For the first time install NVidia driver, you need to disable Nouveau kernel driver by entering command:

echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf; sudo update-initramfs -u

--> Reboot.

-Step 5: Install driver by entering command

sudo sh ./XXXXXX.run -s --module-signing-secret-key=PATH_TO_PRIVATE_KEY --module-signing-public-key=PATH_TO_PUBLIC_KEY

where:

XXXXXX: name of file installer (download from NVIDIA).

PATH_TO_PRIVATE_KEY: full path to private key. If you place in home folder, use /home/USER_NAME/ instead of ~

PATH_TO_PUBLIC_KEY: full path to public key. If you place in home folder, use /home/USER_NAME/ instead of ~

Example:

sudo sh ./NVIDIA-Linux-x86_64-390.67.run -s --module-signing-secret-key=/home/itpropmn07/Nvidia.key --module-signing-public-key=/home/itpropmn07/Nvidia.der

--> Done

Read more https://us.download.nvidia.com/XFree86/Linux-x86/319.32/README/installdriver.html

Related Question