Nvidia Driver Update - MOK Enrollment Issue

avfxtd · February 5, 2025, 9:36pm

Went to update my Leap 15.6 system as I do fortnightly. New Nvidia drivers, and kernel updates. However the MOK enrollment doesn’t seem to work or stick and I’m unable to get the Nvidia driver to start now. Have tried rolling back but even that is not working, maybe due to the new kernel or me trying to resolve the MOK keys.

Get this message showing up when booting:
failed to start nvidia persistence daemon

I’ve gone through the MOK screen as follows after updating my system, no errors
Enroll MOK
Continue
Yes
Entered Password
Reboot

Have done this multiple times in the past without issue.

I have also tried to reset the mokutil as follows:
mokutil --reset

After doing this I get the MOK screen on reboot, but am unable to find keys - I may have done another reset here and cleared the keys?

I’ve followed the Suse wiki on Nvidia drivers and the MOK screen, not sure what I’m missing here. My guess is that there’s a mismatch possibly with the kernel and new driver but this is beyond my understanding of linux.

Here is the list of updates, the nvidia versions and kernel updates at the bottom. If I can provide any further information to debug this please let me know. Thank you to anyone who can help.

The following 206 packages are going to be upgraded:
  accountsservice accountsservice-lang bind-utils binutils bubblewrap containerd cpp7 curl dnsmasq ffmpeg-7 flatpak gcc7 gdb git-core glibc glibc-32bit glibc-devel glibc-extra glibc-lang
  glibc-locale glibc-locale-base glibc-locale-base-32bit gnome-extensions gnome-shell gnome-shell-calendar gnome-shell-classic gnome-shell-extensions-common gnome-shell-extensions-common-lang
  gnome-shell-lang gnome-themes-accessibility gnome-themes-accessibility-gtk2 gstreamer gstreamer-lang gstreamer-plugins-base gstreamer-plugins-base-lang gstreamer-plugins-good
  gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-lang gstreamer-utils gtk2-metatheme-adwaita gtk2-theming-engine-adwaita gtk2-theming-engine-adwaita-32bit
  gtk3-branding-openSUSE gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-lang gtk3-metatheme-adwaita gtk3-schema
  gtk3-tools java-11-openjdk java-11-openjdk-headless kernel-macros libaccountsservice0 libasan4 libavcodec57 libavcodec58_134 libavcodec61 libavdevice61 libavfilter10 libavfilter7_110
  libavformat58_76 libavformat61 libavresample4_0 libavutil55 libavutil56_70 libavutil59 libc++1 libc++abi1 libcilkrts5 libctf0 libctf-nobfd0 libcurl4 libcurl4-32bit libcurl-devel libfaad2
  libfdk-aac2 libflatpak0 libgfortran4 libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstreamer-1_0-0 libgstriff-1_0-0
  libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 libgtk-3-0 libheif1 libjavascriptcoregtk-4_0-18 libjavascriptcoregtk-4_1-0 libLLVM17 libLLVM17-32bit
  libmozjs-115-0 libnl3-200 libnl-config libopenaptx0 libopenjp2-7 liborc-0_4-0 libostree libostree-1-1 libpoppler135 libpoppler-cpp0 libpoppler-glib8 libpoppler-qt5-1 libpostproc54
  libpostproc55_9 libpostproc58 libproxy1 libpxbackend-1_0 libquicktime0 libreoffice libreoffice-base libreoffice-base-drivers-firebird libreoffice-calc libreoffice-draw
  libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreofficekit libreoffice-l10n-en libreoffice-mailmerge libreoffice-math
  libreoffice-pyuno libreoffice-writer librtmp1 libsecret-1-0 libsecret-lang libswresample2 libswresample3_9 libswresample5 libswscale5_9 libswscale8 libsystemd0 libsystemd0-32bit libubsan0
  libudev1 libudev1-32bit libvlc5 libvlccore9 libwebkit2gtk-4_0-37 libwebkit2gtk-4_1-0 libx264-164 libx265-209 libxml2-2 libxml2-2-32bit libxml2-tools libxvidcore4 libzypp
  metatheme-adwaita-common MozillaFirefox nscd nvidia-compute-G06 nvidia-compute-G06-32bit nvidia-compute-utils-G06 nvidia-driver-G06-kmp-default nvidia-gl-G06 nvidia-gl-G06-32bit
  nvidia-video-G06 nvidia-video-G06-32bit openvpn permissions polkit-default-privs poppler-tools rsync sof-firmware systemd systemd-doc systemd-lang system-user-flatpak
  typelib-1_0-AccountsService-1_0 typelib-1_0-Gst-1_0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 typelib-1_0-Gtk-3_0
  typelib-1_0-JavaScriptCore-4_0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-Secret-1 typelib-1_0-WebKit2-4_0 typelib-1_0-WebKit2-4_1 udev vim vim-data vim-data-common vlc-codecs vlc-noX
  webkit2gtk-4_0-injected-bundles webkit2gtk-4_1-injected-bundles xen-libs yast2-installation zypper zypper-log zypper-needs-restarting

The following 11 NEW packages are going to be installed:
  kernel-default-6.4.0-150600.23.33.1 kernel-default-devel-6.4.0-150600.23.33.1 kernel-default-extra-6.4.0-150600.23.33.1 kernel-default-optional-6.4.0-150600.23.33.1
  kernel-devel-6.4.0-150600.23.33.1 libnvidia-egl-gbm1 libnvidia-egl-gbm1-32bit nvidia-common-G06 nvidia-modprobe nvidia-persistenced p11-kit-server

The following package requires a system reboot:
  kernel-default-6.4.0-150600.23.33.1

avfxtd · February 5, 2025, 11:36pm

Further debugging, and did a rollback and reinstall again.

I can confirm the keys are enrolled, however my Nvidia driver still will not start

mokutil --import MOK-nvidia-driver-G06-570.86.16-lp156.31.1-default.der --root-pw
SKIP: MOK-nvidia-driver-G06-570.86.16-lp156.31.1-default.der is already enrolled

Still seems to be an issue with the nvidia-persistenced.service So I’ve checked journalctl

sudo journalctl -xe | grep nvidia-persistenced
Feb 06 09:57:42 DarkHorse systemd[1]: nvidia-persistenced.service: Scheduled restart job, restart counter is at 5.
░░ Automatic restarting of the unit nvidia-persistenced.service has been scheduled, as the result for
Feb 06 09:57:42 DarkHorse systemd[1]: nvidia-persistenced.service: Start request repeated too quickly.
Feb 06 09:57:42 DarkHorse systemd[1]: nvidia-persistenced.service: Failed with result 'exit-code'.
░░ The unit nvidia-persistenced.service has entered the 'failed' state with result 'exit-code'.
░░ Subject: A start job for unit nvidia-persistenced.service has failed
░░ A start job for unit nvidia-persistenced.service has finished with a failure.
Feb 06 09:58:45 DarkHorse systemd[1]: /usr/lib/systemd/system/nvidia-persistenced.service:7: PIDFile= references a path below legacy directory /var/run/, updating /var/run/nvidia-persistenced/nvidia-persistenced.pid → /run/nvidia-persistenced/nvidia-persistenced.pid; please update the unit file accordingly.

Pretty much stuck here and not sure what else to do if they keys are enrolled already.

arvidjaar · February 6, 2025, 4:11am

What makes you think it has anything to do with MOK? Are NVIDIA drivers loaded?

avfxtd · February 6, 2025, 4:13am

I should repost this and change the thread. Initially I assumed it was MOK enroll issue, but now that I’ve validated the keys are enrolled I’m not sure how to get past the nvidia-persistenced service not working.

hui · February 6, 2025, 4:23am

https://bugzilla.opensuse.org/show_bug.cgi?id=1236666

avfxtd · February 6, 2025, 6:12am

Thank you for posting that link. This certainly seemed like a bug to me. I have not resolved the issue any further with the latest drivers, for now I’ve done the following:

Rollback Nvidia drivers from 570.86.16 to 550.144.03
Reinstalled suse-prime. This was un-installed via the most recent update, according to the bug report its not needed any more… but without it I was not able to get nvidia drivers working.
Re-enabled nvidia-persistenced.serivce

Not sure why but I get a sudden full green screen now immediately after logging in. This makes me afraid to update my other workstations, thankfully initially on a laptop to test updates. Frustrated to say the least…

dsbarao · March 7, 2025, 12:38am

I updated my Tumbleweed on 03/06/2025, and in this update, the NVIDIA driver was upgraded from version 550 to 570. I restarted my computer several times after the update, tested my games, and everything ran correctly.

The next day, when I turned on the computer, I encountered the message: “Failed to start NVIDIA Persistence Daemon.”

In my case, I started Plasma manually (startplasma-wayland) and noticed that some updates were still pending in Discover, but they wouldn’t proceed from there. To force the updates, I ran the command: “sudo zypper dup”, in the terminal. This successfully forced the update, and after restarting the system, everything returned to normal.

avfxtd · March 10, 2025, 6:37am

Can’t say I know what happened either, but I’ve redone all the updates and allowed 570 drivers to install this time. And so far seems ok. Nivdia is running as expected. Not sure what the problem was with the previous update. I run X11 not Wayland for various reason.