Bug#953366: nvidia-kernel-dkms: module not loaded due lockdown

2021-05-28 Thread mando 

Hello Paul,

Thank you for you message. In the following link, you'll find the two 
scripts I'm currently using.


https://forums.developer.nvidia.com/t/linux-nvidia-gpu-screens-are-not-yet-supported/120834/7 



*Current status:*

On first nvidia-kernel-dkms installation*:
*

 * First, run enroll.sh to create the pair of key.
 * Second, reboot and enter the BIOS to enroll your keys.
 * Third, run sign.sh and reboot (*).

On linux-image/nvidia-kernel-dkms updates:

 * Run sign.sh to sign the new nvidia module. In my case, I know that I
   must run the script because I see a red line when booting under Debian.
 * Note that in sign.sh, KBUILD_VER is computed from the running
   kernel. This means that you might need to reboot on the new kernel
   before running sign.sh. You could also adapt the script for every
   installed kernel.
 * Then, reboot (*).

*Wish list:*

 * nvidia-kernel-dkms should first determine whether the secure boot is
   enabled or not. If so, it should create a new pair of keys (if not
   yet existing) and indicate the procedure to enroll the key in the BIOS.
 * nvidia-kernel-dkms should install a kind of post-install rule for
   linux-image (I don't know if it's possible) to run sign.sh for the
   new kernel.

Best regards,
mando

(*) You could probably just unload/reload nvidia module and restart X 
server. I reboot because it is simpler.


Le 28/05/2021 à 15:07, Paul Slootman a écrit :

On Tue 14 Apr 2020, ma...@april.org wrote:

My problem is solved.

It was happening because I did signed nvidia-kernel.ko as explained here in:
https://wiki.debian.org/SecureBoot

In the details, to automate the process for future nvidia-kernel-dmks
update, I relied on this link:
https://gist.github.com/dop3j0e/2a9e2dddca982c4f679552fc1ebb18df

It would be helpful if you could write the specifics of that in this
bug report, as that page is no longer available.


Regards,
Paul

Bug#953366: nvidia-kernel-dkms: module not loaded due lockdown

2021-05-28 Thread Paul Slootman 
On Tue 14 Apr 2020, ma...@april.org wrote:
> 
> My problem is solved.
> 
> It was happening because I did signed nvidia-kernel.ko as explained here in:
> https://wiki.debian.org/SecureBoot
> 
> In the details, to automate the process for future nvidia-kernel-dmks
> update, I relied on this link:
> https://gist.github.com/dop3j0e/2a9e2dddca982c4f679552fc1ebb18df

It would be helpful if you could write the specifics of that in this
bug report, as that page is no longer available.


Regards,
Paul

Bug#953366: nvidia-kernel-dkms: module not loaded due lockdown

2020-04-13 Thread mando 

Dear maintainers,

My problem is solved.

It was happening because I did signed nvidia-kernel.ko as explained here in:
https://wiki.debian.org/SecureBoot

In the details, to automate the process for future nvidia-kernel-dmks 
update, I relied on this link:

https://gist.github.com/dop3j0e/2a9e2dddca982c4f679552fc1ebb18df

So, I generated my MOK key, rebooted my computer to enroll it, and 
created /etc/dkms/nvidia-current.conf containing:


POST_BUILD=../../../../../../root/module-signing/dkms-sign-module

Then, I installed optirun and nvidia-smi:

apt install primus nvidia-smi

... rebuilt the nvidia module and

apt reinstall nvidia-kernel-dkms

... and provided the passphrase of my MOK key (see dkms-sign-module) 
when prompted.


After reboot, the nvidia module is now correctly loaded:

(mando@aldur) (~) $ lsmod | grep nvidia
nvidia_drm 53248  0
nvidia_modeset   1118208  1 nvidia_drm
nvidia  20467712  19 nvidia_modeset
ipmi_msghandler    65536  2 ipmi_devintf,nvidia
drm_kms_helper    212992  2 nvidia_drm,i915
drm   548864  13 drm_kms_helper,nvidia_drm,i915

In the details, if I run:

optirun glxgears

... and nvidia-smi in another terminal, I get:

(mando@aldur) (~) $ nvidia-smi
Tue Apr 14 03:58:29 2020
+-+
| NVIDIA-SMI 440.64   Driver Version: 440.64   CUDA Version: 
N/A  |

|---+--+--+
| GPU  Name    Persistence-M| Bus-Id    Disp.A | Volatile 
Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap| Memory-Usage | GPU-Util  
Compute M. |

|===+==+==|
|   0  GeForce MX150   On   | :02:00.0 Off 
|  N/A |

| N/A   46C    P0    N/A /  N/A | 10MiB /  2002MiB | 4%  Default |
+---+--+--+

+-+
| Processes: GPU Memory |
|  GPU   PID   Type   Process name 
Usage  |

|=|
|    0  2306  G /usr/lib/xorg/Xorg 
7MiB |
|    0  2310  G glxgears   
2MiB |

+-+

Best regards, you can close the bug

mando