nvidia-driver-550-open fails with secure boot enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nvidia-graphics-drivers-550 (Ubuntu) |
Fix Released
|
Undecided
|
Kuba Pawlak | ||
nvidia-graphics-drivers-550-server (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I switched to the 550-open driver to test this out but the module fails to load with secureboot enabled. The key is rejected.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: nvidia-
ProcVersionSign
Uname: Linux 6.8.0-22-generic x86_64
NonfreeKernelMo
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Wed Apr 10 13:45:43 2024
Dependencies:
InstallationDate: Installed on 2023-04-10 (366 days ago)
InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Alpha amd64 (20230328)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-
XDG_RUNTIME_
SourcePackage: nvidia-
UpgradeStatus: Upgraded to noble on 2024-04-10 (0 days ago)
modified.
mtime.conffile.
Changed in nvidia-graphics-drivers-550 (Ubuntu): | |
assignee: | nobody → Kuba Pawlak (kuba-t-pawlak) |
The 550 driver does not have corresponding signed binaries, so the dkms driver gets installed instead. This requires MOK enrollment in order to boot under secureboot.
The 550 driver claims to support ALL of the devices that are supported by 535:
$ join -v2 <(grep-dctrl -n -FPackage -X nvidia-driver-550 -sModaliases /var/lib/ apt/lists/ *_noble_ *binary- amd64_* Packages | sed -e's/nvidia(//; s/)//; s/, /\n/g' | sort -u) <(grep-dctrl -n -FPackage -X nvidia-driver-535 -sModaliases /var/lib/ apt/lists/ *_noble_ *binary- amd64_* Packages | sed -e's/nvidia(//; s/)//; s/, /\n/g' | sort -u)
$
And ubuntu-drivers defaults to installing the newest driver that supports the cards, so tries to install 550, not 535.
Either 550 needs to not declare support for these cards, or it needs to be included in the modules that we deliver signatures for.
Until we have a resolution in one of those two ways, I am demoting this package to noble-proposed and blocking it there.