Nvidia drivers Secure Boot – Ubuntu 16.10 (NVIDIA kernel module signing) … Installing Nvidia drivers on a Secure Boot with windows requires; rEFInd boot manager to load mokmanager.efi and add your self generated public certificate or hash binaries. KeyTool.efi to edit your MokList. You will also require a lot of coffee, some cigarettes, and luck !

rEFInd is a graphical boot manager for EFI- and UEFI-based computers, such as all Intel-based Macs and recent (most 2011 and later) PCs. You can install rEFInd via its PPA, which is an easy way to do the job:

sudo apt-add-repository ppa:rodsmith/refind
sudo apt-get update
sudo apt-get install refind

KeyTool.efi can be extracted from the efitools package downloaded from:

Machine Owner Key (MOK): Type the following command to generate your public and private keys.

sudo openssl req -new -x509 -newkey rsa:2048 -keyout private_key.priv -outform DER -out public_key.der -nodes -days 3650 -subj "/C=your country code/O=your organization/CN=your name/emailAddress=your emai/"

Sign your nvidia modules every time you upgrade the kernel or the driver !

for module in $(find /lib/modules/$(uname -r)/updates/dkms -iname "*nvidia*") ; do sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./private_key.priv ./public_key.der $module ; done

1 Comment

  1. Before updating driver signed modules should be removed from folder because new driver will not be able to delete them

Leave a Reply

Your email address will not be published. Required fields are marked *