I recently updated my laptop to Ubuntu 24.04, after which the second monitor I connect to using HDMI stopped working. I noticed that it does work when Secure Boot is disabled in BIOS before booting. I have tried to purge all nvidia drivers and reinstall both the recommended 560 driver or the 535 driver my computer was using before upgrading to Ubuntu 24.04, but that doesn’t seem to help.
It appears as if the installed drivers are not signed and thus not loaded when Secure Boot is enabled:
- The output of the ~$ nvidia-smi command is the following:
NVIDIA-SMI has failed because it couldn’t communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running.
- The output of the ~$ inxi -G command doesn’t even list an installed driver for the GPU:
Graphics:
Device-1: Intel CometLake-H GT2 [UHD Graphics] driver: i915 v: kernel
Device-2: NVIDIA TU117M [GeForce GTX 1650 Ti Mobile] driver: N/A
Device-3: Sunplus Innovation Integrated_Webcam_HD driver: uvcvideo
type: USB
Display: x11 server: X.Org v: 21.1.11 with: Xwayland v: 23.2.6 driver: X:
loaded: modesetting unloaded: fbdev,vesa dri: iris gpu: i915
resolution: 1920x1080~120Hz
API: EGL v: 1.5 drivers: iris,swrast platforms: x11,surfaceless,device
API: OpenGL v: 4.6 compat-v: 4.5 vendor: intel mesa v: 24.0.9-0ubuntu0.1
renderer: Mesa Intel UHD Graphics (CML GT2)
API: Vulkan v: 1.3.275 drivers: N/A surfaces: xcb,xlib
- Also, the NVIDIA Settings app is installed but doesn’t seem to recognize any installed GPU drivers:
I’m including the nvidia bug report file and information about my system. I may also add that I have Windows 10 running with dual boot in the same machine and that works perfectly fine.
nvidia-bug-report.log (2.0 MB)
Operating System: Kubuntu 24.04
KDE Plasma Version: 5.27.11
KDE Frameworks Version: 5.115.0
Qt Version: 5.15.13
Kernel Version: 6.8.0-41-generic (64-bit)
Graphics Platform: X11
Processors: 12 × Intel® Core™ i7-10750H CPU @ 2.60GHz
Memory: 15.4 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics
Manufacturer: Dell Inc.
Product Name: G3 3500
¿Could someone please share any indications on how to sign the drivers or solve the issue in some other way? Thanks very much.
Hello,
I had the same problem, and finally, I resolved it.
When Secure Boot is enabled, it only allows signed (trusted) drivers to load. NVIDIA drivers are not signed by default, which is why they fail to load. To fix this, you can sign the NVIDIA kernel modules yourself so that Secure Boot recognizes them.
You can set Secure Boot to off, but disabling it could lead to keyboard and mouse issues, potentially caused by a kernel panic or driver conflict.
So, the best way to Fix NVIDIA drivers is to enable a secure boot.
Follow these steps:
-
Step 1: Install Required Tools
sudo apt-get install mokutil openssl
-
Step 2: Generate Signing Keys
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Your Name/"
-
Step 3: Enroll the Key in MOK
sudo mokutil --import MOK.der
You will be prompted to create a password. Use this password to enroll the key in the BIOS/UEFI system.
-
Step 4: Reboot and Enroll Key in BIOS/UEFI
Reboot the system, enter the MOK management screen when prompted, and use the password to complete the enrollment of the key.
-
Step 5: Sign NVIDIA Kernel Modules
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 MOK.priv MOK.der $(modinfo -n nvidia)
-
Step 6: Reboot Again and Verify
nvidia-smi
After reboot, verify that the NVIDIA drivers are now properly loaded.
hope it helps
Hi @mohammad.vazirpanah1, welcome to the NVIDIA developer forums.
Thank you for the detailed write-up!
Two additions:
- NVIDIA drivers do include a check for secure boot during installation and prompt the user, if they want to sign the driver. This will initiate the MOK signing procedure, including generating the signing key and enrollment. Sadly though most users ignore or overlook this part.
- Signing keys can differ from Distribution to distribution, so users are advised to familiarize themselves with that process for their particular platform before doing this step manually.
Thanks!
1 Like
hi, where in the installation process described here for RHEL9 1. Introduction — NVIDIA Driver Installation Guide r560 documentation did I overlook this?
I was definitely not prompted. Was there some precondition I did not meet? Is this not the install process you are referring to? I tried this on AlmaLinux 9. Did the rpm script see that and decide not to bother about signing because it wasn’t rhel or rocky? The driver (565.57) installed and works fine otherwise with those instructions
ps
there is a bug in nvidia-driver-assistant that crashes out with a python stack trace on any unsupported distribution because there is a typo where it refers to distro_id rather than id in the unsupported distro error message code.
