Join Log in
Score:3
YSC avatar Ubuntu

Ubuntu's dkms v3.0.6 breaks drivers with enabled SecureBoot

us flag
YSC

What happened

I upgraded my system yesterday and it updated dkms to the latest version for Ubuntu 22.10: dmks3.0.6-2ubuntu1. At the same time, apt upgraded me to the latest kernel version.

Since then, my nvidia drivers just stopped working.

The cause

After some looking, I managed to understand that the nvidia driver found in /lib/modules/5.19.0-35-generic/updates/dkms/nvidia.ko is NOT signed, explaining why modprobe nvidia outputs:

modprobe: ERROR: could not insert 'nvidia': Key was rejected by service

The root cause

After some more looking, I came to the conclusion that dmks3.0.6-2ubuntu1 is the sole reason for my game night being ruined.

Calling dkms manually

sudo dkms install --force nvidia/525.89.02    
Sign command: /usr/lib/linux-kbuild-5.19/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub
Binary kmod-sign not found, modules won't be signed
...

The bug is known since September 2022

From Bug#1019425: dkms 3.0.6-2 not signing modules, one can read:

Package: dkms Version: 3.0.6-2 Severity: important

Dear Maintainer,

With dkms 3.0.6-2 the modules are no longer signed. This means that secure-boot no longer works.

Back to 3.0.3-4 and and signing works again.

This bug is fixed by dkms3.0.9.

The question

What can I do (No, I cannot disable SecureBoot) to downgrade or upgrade dkms to a working version? apt list -a dkms only lists 3.0.6 as available versions for dkms :(

491
1 + 0
apt
Score:1
YSC avatar Ubuntu
us flag
YSC

A fix for dkms has been published to Ubuntu's PPA kinetic-updates.

You can temporarily add this repository to your sources and upgrade dkms to dkms3.0.6-2ubuntu2:

Add the repository

cat | sudo tee -a /etc/apt/sources.list
# 2023-03-03: Temp fix for dkms 3.0.6 bug
# <https://askubuntu.com/q/1457570/475641>
deb http://fr.archive.ubuntu.com/ubuntu/ kinetic-updates main

^D

(note: you might want to choose a mirror closer to you ;)

Upgrade dkms

sudo apt update && sudo apt install dkms

Fix your drivers

$ sudo dkms status
nvidia/525.89.02, 5.19.0-35-generic, x86_64: installed
# note that version string

$ sudo dkms remove --force nvidia/525.89.02
[...]

$ sudo dkms install --force nvidia/525.89.02
[...]

$ sudo modprobe nvidia

Voilà!

+ 2
YSC avatar
us flag
YSC
Personal note: after that I removed the kinetic-updates from my sources as I don't want to beta-test any other package
0
Reply
cyberbrain avatar
cn flag
cyberbrain
Isn't the kinetic-updates repository already active by default? When you write "don't want to beta-test" you might prefer Debian stable over Ubuntu anyways, I think that at the time of writing your answer, dkms version 3.0.10 was the most recent released version (in the github repo, not in the repos active in Ubuntu by default) and the version 3.0.6-2ubuntu2 that you mention here is "with cherry-picks from 3.0.7 upstream git". (And unfortunately that version doesn't do anything for me, but I also don't want to try anything newer because of "beta" status ;-)
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.