Ubuntu
nvidia-graphics-drivers-550 package

nvidia-driver-550-open fails with secure boot enabled

Bug #2060852 reported by Ken VanDine
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nvidia-graphics-drivers-550 (Ubuntu)
Fix Released
Undecided
Kuba Pawlak
nvidia-graphics-drivers-550-server (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

I switched to the 550-open driver to test this out but the module fails to load with secureboot enabled. The key is rejected.

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: nvidia-kernel-source-550-open 550.67-0ubuntu2
ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
Uname: Linux 6.8.0-22-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Wed Apr 10 13:45:43 2024
Dependencies:

InstallationDate: Installed on 2023-04-10 (366 days ago)
InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Alpha amd64 (20230328)
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
SourcePackage: nvidia-graphics-drivers-550
UpgradeStatus: Upgraded to noble on 2024-04-10 (0 days ago)
modified.conffile..etc.default.apport: [modified]
mtime.conffile..etc.default.apport: 2023-12-15T17:01:26.953508

Revision history for this message
Ken VanDine (ken-vandine) wrote :
Jose Ogando Justo (joseogando)
Changed in nvidia-graphics-drivers-550 (Ubuntu):
assignee: nobody → Kuba Pawlak (kuba-t-pawlak)
Revision history for this message
Steve Langasek (vorlon) wrote :

The 550 driver does not have corresponding signed binaries, so the dkms driver gets installed instead. This requires MOK enrollment in order to boot under secureboot.

The 550 driver claims to support ALL of the devices that are supported by 535:

$ join -v2 <(grep-dctrl -n -FPackage -X nvidia-driver-550 -sModaliases /var/lib/apt/lists/*_noble_*binary-amd64_*Packages | sed -e's/nvidia(//; s/)//; s/, /\n/g' | sort -u) <(grep-dctrl -n -FPackage -X nvidia-driver-535 -sModaliases /var/lib/apt/lists/*_noble_*binary-amd64_*Packages | sed -e's/nvidia(//; s/)//; s/, /\n/g' | sort -u)
$

And ubuntu-drivers defaults to installing the newest driver that supports the cards, so tries to install 550, not 535.

Either 550 needs to not declare support for these cards, or it needs to be included in the modules that we deliver signatures for.

Until we have a resolution in one of those two ways, I am demoting this package to noble-proposed and blocking it there.

tags: added: block-proposed
Revision history for this message
Steve Langasek (vorlon) wrote :

I believe this also applies to 550-open and 550-server, so demoting these also.

Revision history for this message
Steve Langasek (vorlon) wrote :

ah, -open is built from nvidia-graphics-drivers-550.

Revision history for this message
Steve Langasek (vorlon) wrote :

linux-restricted-modules providing 550 is now available, so closing this blocking bug.

Changed in nvidia-graphics-drivers-550-server (Ubuntu):
status: New → Fix Released
Changed in nvidia-graphics-drivers-550 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.