#Can't enroll SecureBlue key with Nvidia

Hi, I am having trouble enrolling the SecureBlue key. I just get the message "Failed to enroll new keys". I suspect its either a problem with nvidia since I get an error when I run nvidia-smi, or the secureblue password is wrong.

did it autoenroll or did you run the script manually

I've been running both ujust enroll-secureblue-secure-boot-key and mokutil --import ... to try get it to work. Was the auto enroll just during initial setup?

yes

when you run the ujust

output of mokutil --list-enrolled only shows the fedora key

you are setting the password properly?

to secureblue?

I've done it well over 5 times now to ensure I am

strange

it is likely something unique to your bios

double check important settings like making sure microsoft's ca is enabled

making sure you're in user/standard mode and not setup

etc

ok that's interesting that Microsoft's CA needs to be disabled

I was thinking I should have gone for the nvidia-closed image but when I checked my Nvidia GPU on wikipedia it showed it was Turing so that's prob not it

*enabled

is this a turing laptop perchance

what exactly is a turing laptop?

thought turing was an nvidia release

a laptop with a turing gpu

is it a laptop

yes

ah

do you plan on gaming on it

no

do you like having battery life

🙂

haha why does the Nvidia card drain the battery life?

no

nvidia dropped power management support for turing

i am in the exact same boat

laptop with turing gpu

however

nouveau+NVK (the fully foss driver stack, not from nvidia) does support it :)))

the only downside is the gaming perf sucks

but my battery life tripled

https://nouveau.freedesktop.org/PowerManagement.html

@dry solar tldr you would:

1. ujust remove-kargs-nvidia
2. rebase to the equivalent -main image
3. rpm-ostree kargs --append=nouveau.config=NvGspRm=1
4. reboot

we don't include instructions for this on the site because it's an edge case

it only applies to:

1. laptops
2. with turing
3. for users who don't care about gaming perf

😄

that said you can probably still play lightweight games

but yeah even the reliability is better

fewer crashes

etc

tfw the open source community can make better drivers for nvidia cards than nvidia

also it will only get better because redhat is making a new NOVA driver in rust to replace nouveau

oh wait, @dry solar are you working with CUDA at all

for AI/ML

that's unsupported

so it's important to note

which "main" image exactly? is it a branch different from the "live" one? Sorry didn't quite get what you mean by this step

no

main as in non-nvidia

ah ok

just run ujust rebase-secureblue and do the same steps except say "no" when asked if you have nvidia

ok cool thanks a mil!

btw would this affect LLM inference at all?

like when running Ollama?

You cannot run those with the open-source driver

CUDA requires the proprietary driver (either the open-kernel module or legacy one)

Not Nouveau or Nova

dang

that is prob my only use case for the nvidia GPU

but it might be worth it for a better battery life

oh damn

glad i asked

lol

I'll prob do what you say anyway cause my battery life is dogshit and I kinda use online LLMs most of the time anyway

There is OpenCL as an alternative to CUDA, but it is not nearly as widely supported by apps and drivers

generally, in nvidia optimus laptops, the nvidia gpu powers external monitors

I am not sure this is a general rule anymore

The old MUXed laptops used to be like this

@dry solar can always try it out and switch back

if needed

The new MUXed laptops can switch the external ports to dGPU when needed, while MUXless laptops have dGPUs with no output ports at all

Mine is the latter

uh

on mine

the dgpu is the only way to use external monitors

lspci | grep 'VGA\|3D'

no dgpu driver = no external monitor

Then it uses the old MUX setup or is MUXless with the external port hardwired to the dGPU

There is technically four possible constellations

Which does not help at all

https://tenor.com/view/donkey-kong-mario-party-4-constellation-summon-donkey-kong-dk-vine-gif-9537926747659092794

Now I wonder if Genshin's inspiration for character constellations comes from this

Would not be the first inspiration from Nintendo

They also copied the concept of solving puzzles by playing music on an instrument

I just found "constellations" to be a very posh choice of words 😛

over "combinations" 😛

Konstellation is not a rare choice of words for these situations in the German language

That is why

ahh

yeah

in english, constellation means an arrangement of stars

almost always

https://tenor.com/view/pleiadies-gif-22803105

unfortunately this didn't fix the key enrollment

fwiw I also get Failed to set MokTimeout when I run the enrollment script

yeah but you don't necessarily need our key if you're not using nvidia/zfs kmods

it's just preferred

in case fedora fucks up their key rotation again

(they did last year)

ah okay interesting

ok cool that's good to know because I'm still trialling SecureBlue

thanks a mil for the help!

np

i would still recommend digging into that though