I have an ASUS ROG laptop with dual SSDs. I have dual-booting working fine. I’m running a fully patched Fedora 37 on one drive and Windows 11 on the other.
The problem is trying to get the NVidia proprietary drivers working under Fedora. It looks like I need to disable Secure Boot, but won’t that make my Windows partition quit working?
I’m sure there is a good blog somewhere that walks me through this process. If someone could point me in the right direction, I would really appreciate it.
The caveat with either method is that once the kernel modules for a particular kernel have been built before the signing key is created and loaded then there is no way to directly sign the already compiled modules.
The fix is to remove the modules then recompile them. Very easy in a 3 step process with the packages installed from rpmfusion. All these steps need to be done with sudo or as root.
follow the 2 steps to create the key and enroll it in MOK
# To create the self generated key and certificate:
/usr/sbin/kmodgenca
# To import the key, the command will ask for a password to protect the key
# You will have to enter this password during the special EFI window
mokutil --import /etc/pki/akmods/certs/public_key.der
dnf remove *nvidia* --exclude=nvidia-gpu-firmware which will remove all the nvidia packages (and maybe more) This is not an issue since the next step will reinstall the needed packages and recompile the modules.
dnf install akmod-nvidia xorg-x11-drv-nvidia-cuda
This step reinstalls all the needed packages and recompiles the new modules with the new signing key created in step 1.
reboot after about a 5 minute or so wait for the modules to be completely rebuilt.
This boot should now load the signed kernel modules.
The bios screen for this boot will bring up the special EFI MOK screen noted in step 1 where your chosen password is needed to load and activate the key you just generated.
So, when I follow those steps, I still get a message that the NVidia module is missing and falling back to nouveau. Then the GPU selector extension says that the dedicated GPU is off.
Ok, now I would like to have you reboot. Shortly after the boot finishes post the output of dmesg | grep -iE 'secure|nvidia|nouveau', dnf list installed *nvidia*, and inxi -Fzxx. Then add sudo ls -l /etc/pki/akmods/certs and sudo ls -l /etc/pki/akmods/private
You seem to be missing the firmware for your GPU. The firmware is required before the driver can properly load.
The dnf list installed command should have given something like
Please reinstall that package. dnf install nvidia-gpu-firmware or dnf reinstall linux-firmware should handle that.
Then do a reboot.
Notice that I have several packages you do not.
You also likely will want cuda available, which can be installed with dnf install xorg-x11-drv-nvidia-cuda
Now, please show and describe in detail the error you are seeing. This looks good on the surface.
Your earlier output from dmesg shows that secure boot is disabled so if windows boots it should not be an issue. If windows does not boot then you should be able to turn secure boot back on and the fedora drivers for nvidia should still load.
The original question was about enabling nvidia with secure boot, so I do not at this point understand exactly what you are now describing as a problem.
I actually didn’t realize secure boot had already been disabled. My original question also lacked some of the understanding of my setup that I’ve now been collecting.
The issue, at its core, is this: I have an integrated and dedicated GPU in my ASUS ROG. Fedora is not currently working with the Nvidia card. I know this from a couple signs:
During boot, I get a message on the splash screen that says “Nvidia driver not found, falling back to nouveau” (or something close to that)
The HDMI port on my laptop doesn’t detect when a cable is plugged in
Finally, in the Gnome Panel, it shows the dedicated GPU is off
Please run new the command dmesg | grep -iE 'nvidia|nouveau' and post the output.
Also lsmod | grep -iE 'nouveau|nvidia'.
Finally, the output of nvidia-smi and lspci | grep VGA
I have already had the case open and cleaned out the airflow passages so other than a lot of tiny screws to keep track of, opening it up is not really difficult.
The only other thing I can think of is that since yours has a date of 10/07/2022 on the firmware it is quite new. Possibly the hardware is too new to be supported by the kernel?
The specs seem to indicate it should have an RTX 3060 GPU and I know the 3060 is supported by the nvidia drivers, and that the current firmware levels also support it.
Is it possible the discrete nvidia GPU is disabled in the bios?
The output of dmesg seems to indicate that the sound chip in the GPU is loading the needed drivers; but the graphics driver is not loading.
Since you have now stated that windows uses the hdmi port properly, have you verified that windows is using the nvidia GPU or just the iGPU.
At some point in testing with nvidia I added the following to the kernel command line kvm.ignore_msrs=1 on one of my systems (not the laptop) so I wonder if maybe you could add that by editing the grub entry for your kernel while booting and see if it makes any difference.
(press e at the grub menu then add that into the line beginning with linux. Finish booting with ctrl-x)
If blacklisted it may be in one of those files listed, or it may be in a file under /etc/dracut.conf.d/ . If the nvidia driver were blacklisted it should tell you so when booting.
Check journalctl -b 0 | grep -iE 'nvidia|nouveau' to see if there are entries there not shown in dmesg.
I did come across this file: /etc/modprobe.d/supergfxd.conf:
# Automatically generated by supergfxd
blacklist nouveau
blacklist nvidia_drm
blacklist nvidia_uvm
blacklist nvidia_modeset
blacklist nvidia
alias nouveau off
options nvidia-drm modeset=1
journalctl
$ journalctl -b 0 | grep -iE 'nvidia|nouveau'
Jan 02 11:18:48 jarvis kernel: Command line: BOOT_IMAGE=(hd0,gpt1)/vmlinuz-6.0.15-300.fc37.x86_64 root=/dev/mapper/jarvis-root ro resume=/dev/mapper/jarvis-swap00 rd.lvm.lv=jarvis/root rd.luks.uuid=luks-6088800e-6787-40e3-99b5-0e27943bf27f rd.lvm.lv=jarvis/swap00 rhgb quiet nvidia-drm.modeset=1
Jan 02 11:18:48 jarvis kernel: Kernel command line: BOOT_IMAGE=(hd0,gpt1)/vmlinuz-6.0.15-300.fc37.x86_64 root=/dev/mapper/jarvis-root ro resume=/dev/mapper/jarvis-swap00 rd.lvm.lv=jarvis/root rd.luks.uuid=luks-6088800e-6787-40e3-99b5-0e27943bf27f rd.lvm.lv=jarvis/swap00 rhgb quiet nvidia-drm.modeset=1
Jan 02 11:18:48 jarvis dracut-cmdline[371]: Using kernel command line parameters: BOOT_IMAGE=(hd0,gpt1)/vmlinuz-6.0.15-300.fc37.x86_64 root=/dev/mapper/jarvis-root ro resume=/dev/mapper/jarvis-swap00 rd.lvm.lv=jarvis/root rd.luks.uuid=luks-6088800e-6787-40e3-99b5-0e27943bf27f rd.lvm.lv=jarvis/swap00 rhgb quiet nvidia-drm.modeset=1
Jan 02 17:19:07 jarvis kernel: input: HDA NVidia HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:01.1/0000:01:00.1/sound/card0/input33
Jan 02 17:19:07 jarvis kernel: input: HDA NVidia HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:01.1/0000:01:00.1/sound/card0/input34
Jan 02 17:19:07 jarvis kernel: input: HDA NVidia HDMI/DP,pcm=8 as /devices/pci0000:00/0000:00:01.1/0000:01:00.1/sound/card0/input35
Jan 02 17:19:07 jarvis kernel: input: HDA NVidia HDMI/DP,pcm=9 as /devices/pci0000:00/0000:00:01.1/0000:01:00.1/sound/card0/input36
Jan 02 17:19:07 jarvis kernel: input: HDA NVidia HDMI/DP,pcm=10 as /devices/pci0000:00/0000:00:01.1/0000:01:00.1/sound/card0/input37
Jan 02 17:19:08 jarvis systemd[1]: nvidia-fallback.service - Fallback to nouveau as nvidia did not load was skipped because of a failed condition check (ConditionKernelCommandLine=rd.driver.blacklist=nouveau).
Jan 02 17:19:10 jarvis systemd[1]: Starting nvidia-powerd.service - nvidia-powerd service...
Jan 02 17:19:10 jarvis /usr/bin/nvidia-powerd[2022]: nvidia-powerd version:1.0(build 1)
Jan 02 17:19:11 jarvis /usr/bin/nvidia-powerd[2022]: Allocate client failed 89
Jan 02 17:19:11 jarvis /usr/bin/nvidia-powerd[2022]: Failed to initialize RM Client
Jan 02 17:19:11 jarvis systemd[1]: nvidia-powerd.service: Main process exited, code=exited, status=1/FAILURE
Jan 02 17:19:11 jarvis systemd[1]: nvidia-powerd.service: Failed with result 'exit-code'.
Jan 02 17:19:11 jarvis systemd[1]: Failed to start nvidia-powerd.service - nvidia-powerd service.
Jan 02 17:19:11 jarvis audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=nvidia-powerd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Jan 02 17:19:26 jarvis /usr/libexec/gdm-x-session[3637]: Kernel command line: BOOT_IMAGE=(hd0,gpt1)/vmlinuz-6.0.15-300.fc37.x86_64 root=/dev/mapper/jarvis-root ro resume=/dev/mapper/jarvis-swap00 rd.lvm.lv=jarvis/root rd.luks.uuid=luks-6088800e-6787-40e3-99b5-0e27943bf27f rd.lvm.lv=jarvis/swap00 rhgb quiet nvidia-drm.modeset=1
Jan 02 17:19:31 jarvis systemd[3598]: Started app-gnome-nvidia\x2dsettings\x2duser-4131.scope - Application launched by gnome-session-binary.
Jan 02 17:19:32 jarvis nvidia-settings-user.desktop[4131]: ERROR: NVIDIA driver is not loaded
Blacklisting like that affects every module for nvidia.
With a few quick searches I did not find what use that is or why it would be there, but it certainly would prevent loading any drivers for nvidia.
You could rename it to a backup, since the files in that directory that are named with a .conf ending are the ones processed. Or even move it somewhere else.
Then reboot and test to see if the drivers now load.
EDIT:
I just did an online search and it seems that is related to supergfxctl for suspending laptops that have trouble doing so with an nvidia gpu. It apparently disables the nvidia GPU and forces use of the iGPU only.