#Trying to sign nvidia drivers with mok keys for secure boot...

1 messages · Page 1 of 1 (latest)

arctic zodiac
#

Hey, im probably the 100. person failing on this but i'm currently running a linux mint machine which runs perfectly fine as long as i disable secure boot. So now i want to dual boot win11 using a new drive. So i enabled secure boot to check if my Linux runs fine with it. Ofc as 100 people before me i noticed the Nvidia driver is not loading.

I tried creating MOK keys and signing the driver with them but i just can't get it to run. The creation of the keys and importing works fine. But i just can't seem to get the nvidia driver to be signed with them so it will boot the driver.

Hope one of you can help me here as i'm starting to lose my mind over this issue.

round compass
#

those 4 lines

#

per jeremyb

#

then inxi -G upon reboot to confirm

arctic zodiac
#

sudo mokutil -i /var/lib/shim-signed/mok/MOK.der
mokutil --list-enrolled
sudo mokutil --test-key /var/lib/shim-signed/mok/MOK.der
sudo mokutil --enable-validation

those

round compass
#

yes and follow all what he said

#

make at least 9 or 10 digit password and keep it dead simple

arctic zodiac
#

can i use already imported mok keys or do i need to create new ones for thisß

round compass
#

that idk

#

i'd go in BIOS and clear them all first

#

it has a limit to what it can store

arctic zodiac
#

i mean i'm at this point now xD

image.png
round compass
#

and it's not much from what i hear

round compass
#

then follow link above with deadly accuracy

arctic zodiac
#

mhh looks completely different than what i tried before but i'll give it a go

#

Well it did Something

#

I have to Reinstall the Driver though

#

driver is installed again but still does not load 😐

#

Device-1: NVIDIA AD103 [GeForce RTX 4080 SUPER] driver: N/A

ripe laurel
round compass
#

yeah if it's this much trouble, tbh

arctic zodiac
#

sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ‘/path/to/key/MOK.priv’ ‘/path/to/key/MOK.der’ $(modinfo -n nvidia)

this is supposed to sign the keys

#

but this just outputs the following error:
❯ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ‘MOK.priv’ ‘MOK.der’ $(modinfo -n nvidia)
At main.c:167:

  • SSL error:FFFFFFFF80000002:system library::No such file or directory: ../crypto/bio/bss_file.c:67
  • SSL error:10000080:BIO routines::no such file: ../crypto/bio/bss_file.c:75
    sign-file: ‘MOK.priv’
#

thats where im stuck since yesterday