Nvidia drivers Secure Boot – Ubuntu 16.10 (NVIDIA kernel module signing) … Installing Nvidia drivers on a Secure Boot with windows requires; rEFInd boot manager to load mokmanager.efi and add your self generated public certificate or hash binaries. KeyTool.efi to edit your MokList. You will also require a lot of coffee, some cigarettes, and luck !
rEFInd is a graphical boot manager for EFI- and UEFI-based computers, such as all Intel-based Macs and recent (most 2011 and later) PCs. You can install rEFInd via its PPA, which is an easy way to do the job:
sudo apt-add-repository ppa:rodsmith/refind sudo apt-get update sudo apt-get install refind
KeyTool.efi can be extracted from the efitools package downloaded from:
Machine Owner Key (MOK): Type the following command to generate your public and private keys.
sudo openssl req -new -x509 -newkey rsa:2048 -keyout private_key.priv -outform DER -out public_key.der -nodes -days 3650 -subj "/C=your country code/O=your organization/CN=your name/emailAddress=your emai/"
Sign your nvidia modules every time you upgrade the kernel or the driver !
for module in $(find /lib/modules/$(uname -r)/updates/dkms -iname "*nvidia*") ; do sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./private_key.priv ./public_key.der $module ; done