NVidia: failed to enroll new keys but secure boot is enabled

Xionbox · August 27, 2023, 6:20pm

Hi there,

I’m facing a strange issue: when I install nvidia G05, as recommended by the nvidia website for my GTX 1070 Ti graphics card, the system freezes on boot and never asks me to enroll the keys. The only fix here is to rollback to the previous working version without nvidia installed. Some years ago, I had the nvidia drivers installed on this machine with OpenSuse Tumbleweed, but stopped upgrading it because I wasn’t doing any 3D stuff and maintaining nvidia was more hassle than it was worth. Now, I would like 3D acceleration again for a new project.

When I try to enroll a dummy key, it will report and error: “Failed to enroll new keys”. I also cannot set the verbosity of the mokutils command:

# mokutil --set-verbosity true
Failed to set SHIM_VERBOSE

But mokutils almost looks like it’s working:

# mokutil --sb-state 
SecureBoot enabled
# mokutil --root-pw --import /etc/uefi/certs/4659838C-shim.crt 
SKIP: /etc/uefi/certs/4659838C-shim.crt is already enrolled
# mokutil --root-pw --import /etc/uefi/certs/1F673297.crt 
Already in kernel trusted keyring. Skip /etc/uefi/certs/1F673297.crt

In I can't change the Secure Boot mode to enabled "Failed to delete Secure Boot state" · Issue #45 · lcp/mokutil · GitHub, the author of mokutil recommends checking the hex of some stuff, and from what I understand, it is set correctly:

# hexdump -C /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c 
00000000  06 00 00 00 00                                    |.....|
00000005
localhost:/home/cbr # hexdump -C /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c 
00000000  06 00 00 00 01                                    |.....|
00000005

I generated a “dummy” key using:

# openssl req -new -x509 -newkey rsa:2048 -nodes -days 36500 -outform DER -keyout "mok.priv" -out "mok.der"

I got this idea from https://docs.nvidia.com/networking/display/BlueFieldDPUOSLatest/UEFI+Secure+Boot, section “Generation of Custom Keys and Certificates”.
That key fails to enroll however:

# mokutil --import mok.der --root-pw 
Failed to enroll new keys

Any idea what could be going on here?

Thanks

arvidjaar · August 27, 2023, 7:12pm

It is difficult to answer without any real information, but most probably you are at the mercy of your firmware (or vendor of your firmware). As example, storage space in NVRAM could be fragmented and it would require reboot to defragment it. Or storage space is near to full. For some time I could only update grub on my system immediately after reboot - when system was running for some time, any attempt to change EFI variables failed.

There was the real case of bricking user’s systems by too aggressive writing in EFI NVRAM. Currently kernel should refuse adding new information if storage is more that 50% full. There is kernel option to disable this check, but I would not recommend blindly using it.

Show dmesg output immediately after the above command, it may provide more hints.

Xionbox · August 27, 2023, 7:30pm

Thanks for your quick reply.

Sadly, dmesg does not show anything when trying to set the verbosity or when trying to enroll the dummy key. Same with journalctl -f.

The /boot/efi partition only has a usage of 8% as well. It’s Dell (Alienware) desktop, and it’s run TW for several years now.

# df -h
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        4.0M     0  4.0M   0% /dev
tmpfs           7.7G     0  7.7G   0% /dev/shm
tmpfs           3.1G   11M  3.1G   1% /run
/dev/nvme0n1p8   95G   10G   84G  11% /
tmpfs           7.7G   44K  7.7G   1% /tmp
/dev/nvme0n1p8   95G   10G   84G  11% /.snapshots
/dev/nvme0n1p8   95G   10G   84G  11% /boot/grub2/x86_64-efi
/dev/nvme0n1p8   95G   10G   84G  11% /boot/grub2/i386-pc
/dev/nvme0n1p8   95G   10G   84G  11% /opt
/dev/nvme0n1p8   95G   10G   84G  11% /root
/dev/nvme0n1p8   95G   10G   84G  11% /srv
/dev/nvme0n1p8   95G   10G   84G  11% /usr/local
/dev/nvme0n1p7  511M  5.2M  506M   2% /boot/efi
/dev/sdb1       220G  493M  208G   1% /var
/dev/sda3       1.3T  1.2T  171G  87% /home
tmpfs           1.6G  132K  1.6G   1% /run/user/1000

I’ll also add that this is a fresh installation from last night. I was running an older TW that, after 6 years of zypper dup with different repos enabled, stopped handling upgrades well (e.g. I could only boot on a specific kernel). So my plan this time is to mimic the Aeon set up of distrobox everything (Aeon works great on my laptop, but doesn’t with the nvidia card either).

Xionbox · August 27, 2023, 7:57pm

When I install the nvidia G05 driver (using zypper), the modinfo shows that the driver is signed:

# modinfo nvidia
filename:       /usr/lib/modules/6.4.11-1-default/updates/nvidia.ko
firmware:       nvidia/470.199.02/gsp.bin
alias:          char-major-195-*
version:        470.199.02
supported:      external
license:        NVIDIA
suserelease:    openSUSE Tumbleweed
srcversion:     9BCF341865EFC344FAC8991
alias:          pci:v000010DEd*sv*sd*bc03sc02i00*
alias:          pci:v000010DEd*sv*sd*bc03sc00i00*
depends:        
retpoline:      Y
name:           nvidia
vermagic:       6.4.11-1-default SMP preempt mod_unload modversions 
sig_id:         PKCS#7
signer:         Local build for nvidia-gfxG05 470.199.02 on 2023-08-27
sig_key:        27:8E:60:D2:76:AA:A7:0F:6C:C7:87:15:E6:7F:24:41:6B:9D:1D:26
sig_hashalgo:   sha256
signature:      66:2F:78:C4:9F:78:1D:98:C5:7B:2D:53:03:39:B8:98:DC:49:30:B4:
		EE:84:2A:D7:0C:06:BD:4B:EC:E0:80:45:D7:35:2A:CE:1B:98:DB:B4:
		F6:7B:E5:76:EC:B9:62:A8:C8:D9:1A:4F:62:E7:C5:C8:1C:E9:8E:64:
		4F:54:BB:AB:4E:7D:D2:46:07:45:A8:E6:57:3C:22:53:DE:F9:75:FE:
		FB:9A:36:24:03:5A:F6:ED:71:56:9A:86:50:97:C9:8D:C7:61:49:6A:
		29:47:36:5E:73:FA:82:BE:E4:47:6A:D1:35:7E:D0:79:19:FB:D6:49:
		42:64:1D:DF:78:91:6C:54:6C:7E:84:50:FE:05:CE:C2:9D:72:4F:2C:
		CE:8F:72:01:9D:4B:0C:D3:B0:0B:89:AD:D5:95:03:85:8A:1E:1E:A6:
		72:73:3C:1C:22:24:0D:0D:A0:5B:88:D8:0E:D2:D6:B6:86:69:B5:7B:
		E0:1C:B6:33:7E:A2:43:56:E8:9B:67:7E:17:E5:33:71:DA:07:0F:43:
		F3:00:61:85:47:84:35:67:10:0D:78:34:81:0A:69:A8:C9:07:C1:ED:
		01:9A:7E:93:3C:F5:8D:92:AC:8A:8F:4A:44:41:B8:DB:72:9C:5A:C7:
		F0:92:C6:48:3E:36:9F:72:8A:A8:9C:3F:8F:77:90:91
parm:           NvSwitchRegDwords:NvSwitch regkey (charp)
parm:           NvSwitchBlacklist:NvSwitchBlacklist=uuid[,uuid...] (charp)
parm:           NVreg_ResmanDebugLevel:int
parm:           NVreg_RmLogonRC:int
parm:           NVreg_ModifyDeviceFiles:int
parm:           NVreg_DeviceFileUID:int
parm:           NVreg_DeviceFileGID:int
parm:           NVreg_DeviceFileMode:int
parm:           NVreg_InitializeSystemMemoryAllocations:int
parm:           NVreg_UsePageAttributeTable:int
parm:           NVreg_RegisterForACPIEvents:int
parm:           NVreg_EnablePCIeGen3:int
parm:           NVreg_EnableMSI:int
parm:           NVreg_TCEBypassMode:int
parm:           NVreg_EnableStreamMemOPs:int
parm:           NVreg_RestrictProfilingToAdminUsers:int
parm:           NVreg_PreserveVideoMemoryAllocations:int
parm:           NVreg_EnableS0ixPowerManagement:int
parm:           NVreg_S0ixPowerManagementVideoMemoryThreshold:int
parm:           NVreg_DynamicPowerManagement:int
parm:           NVreg_DynamicPowerManagementVideoMemoryThreshold:int
parm:           NVreg_EnableGpuFirmware:int
parm:           NVreg_EnableUserNUMAManagement:int
parm:           NVreg_MemoryPoolSize:int
parm:           NVreg_KMallocHeapMaxSize:int
parm:           NVreg_VMallocHeapMaxSize:int
parm:           NVreg_IgnoreMMIOCheck:int
parm:           NVreg_NvLinkDisable:int
parm:           NVreg_EnablePCIERelaxedOrderingMode:int
parm:           NVreg_RegisterPCIDriver:int
parm:           NVreg_RegistryDwords:charp
parm:           NVreg_RegistryDwordsPerDevice:charp
parm:           NVreg_RmMsg:charp
parm:           NVreg_GpuBlacklist:charp
parm:           NVreg_TemporaryFilePath:charp
parm:           NVreg_ExcludedGpus:charp
parm:           rm_firmware_active:charp

However mokutil --list-new returns an empty list.

And if I try to import it, it just fails without any info in dmesg or journalctl:

# mokutil --import /var/lib/nvidia-pubkeys/MOK-nvidia-gfxG05-470.199.02-54.8-default.der --root-pw 
Failed to enroll new keys

Sauerland · August 27, 2023, 8:34pm

Post:
mokutil --list-enrolled | grep Issuer

Xionbox · August 27, 2023, 10:06pm

That’s all I have:

# mokutil --list-enrolled | grep -i issue
        Issuer: CN=openSUSE Secure Boot CA, C=DE, L=Nuremberg, O=openSUSE Project/emailAddress=build@opensuse.org

And both default certs are enrolled already:

localhost:/ # ls /etc/uefi/certs/
1F673297.crt  4659838C-shim.crt
localhost:/ # mokutil --root-pw --import /etc/uefi/certs/1F673297.crt 
Already in kernel trusted keyring. Skip /etc/uefi/certs/1F673297.crt
localhost:/ # mokutil --root-pw --import /etc/uefi/certs/4659838C-shim.crt 
SKIP: /etc/uefi/certs/4659838C-shim.crt is already enrolled
localhost:/ #

arvidjaar · August 28, 2023, 6:43am

It is not about /boot/efi, but about EEPROM in your computer’s motherboard where UEFI variables are stored.

Run

strace -f -o /tmp/mokutil.strace mokutil --import /var/lib/nvidia-pubkeys/MOK-nvidia-gfxG05-470.199.02-54.8-default.der

and upload /tmp/mokutil.strace to https://susepaste.org/. You will be asked for the password by the mokutil, just enter anything to not accidentaly reveal your root password.

Xionbox · August 29, 2023, 3:27pm

Thanks for your suggestion, and my apologies for the delay in my response.

Here is the link to the paste that has the mokutil output. Note that I used an example signature (mok.der) since I rolled back to remove the nvidia installation all together.

https://paste.opensuse.org/pastes/f17c01f9562f

Xionbox · August 29, 2023, 3:50pm

After installing efivar, running efivar -l shows a lot of suspiciously named variables. Should I try to delete those?

8be4df61-93ca-11d2-aa0d-00e098032b8c-OsIndications
605dab50-e046-4300-abb6-3dd810dd8b23-FB_NO_REBOOT
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P2F
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P2E
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P2D
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P2C
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P2B
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P2A
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P29
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P28
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P27
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P26
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P25
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P24
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P23
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P22
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P21
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P20
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P1F
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P1E
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P1D
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P1C
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P1B
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P1A
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P19
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P18
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P17
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P16
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P15
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P14
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P13
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P12
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P11
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P10
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1PF
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1PE
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1PD
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1PC
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1PB
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1PA
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P9
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P8
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P7
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P6
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P5
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P4
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P3
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P2
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P1
01bd3876-1ad6-4e59-b39a-7a0b1bde20ac-V1P0
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0000
1358e20b-0e48-4f06-8ddd-8809b8a74d6c-DDIAG_BHISTORY
(...)
4599d26f-1a11-49b8-b91f-858745cff824-StdDefaults
cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0-dump-type0-7-1-1643846333-C
cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0-dump-type0-4-1-1643846333-C
cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0-dump-type0-3-1-1643846333-C
cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0-dump-type0-2-1-1643846333-C
cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0-dump-type0-1-1-1643846333-C
(...)

Could these be from years of updates that add new efivars without deleting old ones?

arvidjaar · August 29, 2023, 5:53pm

As expected:

11373 write(4, "\7\0\0\0\241Y\300\245\344\224\247J\207\265\253\25\\+\360r\235\3\0\0\0\0\0\0\201\3\0\0"..., 929) = -1 ENOSPC (No space left on device)

Those come up in google search; I do not know what they are.

Those are Linux kernel dumps. They are disabled by default in openSUSE kernel. Show full output of

LANG=C LC_ALL=C ls -l /sys/firmware/efi/efivars

Deleting dump variables should be safe (but capture ls -l to have estimation how much space they consume). You likely will need to reboot to actually gain some free space. Others - I do not know. I would be rather careful to delete anything in firmware.

You may try to initialize your BIOS settings to default. You will likely need to reinstall bootloader (at least, recreate entries) and re-enroll all certificates again.

Xionbox · September 4, 2023, 10:41pm

Wow! So it was definitely the dump* files that were using up space. Each was between 200 and 800 bytes, and there were lots of them:

localhost:/sys/firmware/efi/efivars # l dump-type0-*
-rw-r--r-- 1 root root 746 Sep  4 10:34 dump-type0-10-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 476 Sep  4 10:34 dump-type0-10-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 628 Sep  4 10:34 dump-type0-10-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 420 Sep  4 10:34 dump-type0-10-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 691 Sep  4 10:34 dump-type0-10-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 761 Sep  4 10:34 dump-type0-10-2-1643614259-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 632 Sep  4 10:34 dump-type0-11-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 666 Sep  4 10:34 dump-type0-11-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 433 Sep  4 10:34 dump-type0-11-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 391 Sep  4 10:34 dump-type0-1-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 247 Sep  4 10:34 dump-type0-1-1-1643420588-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 300 Sep  4 10:34 dump-type0-1-1-1643614242-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 331 Sep  4 10:34 dump-type0-1-1-1643846333-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 749 Sep  4 10:34 dump-type0-11-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 475 Sep  4 10:34 dump-type0-11-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 610 Sep  4 10:34 dump-type0-11-2-1643614259-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 604 Sep  4 10:34 dump-type0-12-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 726 Sep  4 10:34 dump-type0-12-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 496 Sep  4 10:34 dump-type0-12-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 561 Sep  4 10:34 dump-type0-1-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 583 Sep  4 10:34 dump-type0-1-2-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 695 Sep  4 10:34 dump-type0-1-2-1643614258-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 627 Sep  4 10:34 dump-type0-12-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 668 Sep  4 10:34 dump-type0-12-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 767 Sep  4 10:34 dump-type0-12-2-1643614269-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 633 Sep  4 10:34 dump-type0-13-1-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 821 Sep  4 10:34 dump-type0-13-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 374 Sep  4 10:34 dump-type0-13-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 605 Sep  4 10:34 dump-type0-13-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 730 Sep  4 10:34 dump-type0-13-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 523 Sep  4 10:34 dump-type0-13-2-1643614269-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 345 Sep  4 10:34 dump-type0-14-1-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 505 Sep  4 10:34 dump-type0-14-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 254 Sep  4 10:34 dump-type0-14-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 637 Sep  4 10:34 dump-type0-14-2-1643419349-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 826 Sep  4 10:34 dump-type0-14-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 513 Sep  4 10:34 dump-type0-14-2-1643614270-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 354 Sep  4 10:34 dump-type0-15-1-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 534 Sep  4 10:34 dump-type0-15-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 572 Sep  4 10:34 dump-type0-15-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 352 Sep  4 10:34 dump-type0-15-2-1643419349-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 492 Sep  4 10:34 dump-type0-15-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 651 Sep  4 10:34 dump-type0-15-2-1643614270-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 642 Sep  4 10:34 dump-type0-16-1-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 453 Sep  4 10:34 dump-type0-16-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 741 Sep  4 10:34 dump-type0-16-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 352 Sep  4 10:34 dump-type0-16-2-1643419349-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 536 Sep  4 10:34 dump-type0-16-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 726 Sep  4 10:34 dump-type0-16-2-1643614270-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 689 Sep  4 10:34 dump-type0-17-1-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 630 Sep  4 10:34 dump-type0-17-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 804 Sep  4 10:34 dump-type0-17-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 638 Sep  4 10:34 dump-type0-17-2-1643419349-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 771 Sep  4 10:34 dump-type0-18-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 846 Sep  4 10:34 dump-type0-2-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 844 Sep  4 10:34 dump-type0-2-1-1643420588-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 855 Sep  4 10:34 dump-type0-2-1-1643614242-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 836 Sep  4 10:34 dump-type0-2-1-1643846333-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 612 Sep  4 10:34 dump-type0-2-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 557 Sep  4 10:34 dump-type0-2-2-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 544 Sep  4 10:34 dump-type0-2-2-1643614258-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 787 Sep  4 10:34 dump-type0-3-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 786 Sep  4 10:34 dump-type0-3-1-1643420588-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 798 Sep  4 10:34 dump-type0-3-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 820 Sep  4 10:34 dump-type0-3-1-1643846333-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 842 Sep  4 10:34 dump-type0-3-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 850 Sep  4 10:34 dump-type0-3-2-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 516 Sep  4 10:34 dump-type0-3-2-1643614258-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 637 Sep  4 10:34 dump-type0-4-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 653 Sep  4 10:34 dump-type0-4-1-1643420588-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 614 Sep  4 10:34 dump-type0-4-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 645 Sep  4 10:34 dump-type0-4-1-1643846333-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 790 Sep  4 10:34 dump-type0-4-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 786 Sep  4 10:34 dump-type0-4-2-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 690 Sep  4 10:34 dump-type0-4-2-1643614258-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 206 Sep  4 10:34 dump-type0-4-2-1646672201-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 596 Sep  4 10:34 dump-type0-5-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 563 Sep  4 10:34 dump-type0-5-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 776 Sep  4 10:34 dump-type0-5-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 637 Sep  4 10:34 dump-type0-5-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 655 Sep  4 10:34 dump-type0-5-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 850 Sep  4 10:34 dump-type0-5-2-1643614259-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 657 Sep  4 10:34 dump-type0-6-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 807 Sep  4 10:34 dump-type0-6-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 485 Sep  4 10:34 dump-type0-6-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 595 Sep  4 10:34 dump-type0-6-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 565 Sep  4 10:34 dump-type0-6-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 774 Sep  4 10:34 dump-type0-6-2-1643614259-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 625 Sep  4 10:34 dump-type0-7-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 511 Sep  4 10:34 dump-type0-7-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 451 Sep  4 10:34 dump-type0-7-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 391 Sep  4 10:34 dump-type0-7-1-1643846333-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 659 Sep  4 10:34 dump-type0-7-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 809 Sep  4 10:34 dump-type0-7-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 529 Sep  4 10:34 dump-type0-7-2-1643614259-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 740 Sep  4 10:34 dump-type0-8-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 600 Sep  4 10:34 dump-type0-8-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 733 Sep  4 10:34 dump-type0-8-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 631 Sep  4 10:34 dump-type0-8-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 507 Sep  4 10:34 dump-type0-8-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 525 Sep  4 10:34 dump-type0-8-2-1643614259-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 413 Sep  4 10:34 dump-type0-9-1-1643419347-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 695 Sep  4 10:34 dump-type0-9-1-1643420589-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 773 Sep  4 10:34 dump-type0-9-1-1643614243-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 742 Sep  4 10:34 dump-type0-9-2-1643419348-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 603 Sep  4 10:34 dump-type0-9-2-1643420590-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0
-rw-r--r-- 1 root root 850 Sep  4 10:34 dump-type0-9-2-1643614259-C-cfc8fc79-be2e-4ddc-97f0-9f98bfe298a0

Deleting them allowed me to enroll the mok.der dummy key that I created:

localhost:/home/cbr # mokutil --root-pw --import mok.der 
localhost:/home/cbr # mokutil --list-new 
[key 1]
SHA1 Fingerprint: 5a:32:0e:9b:b4:88:04:9d:69:d6:19:51:77:fb:c8:ff:b0:cb:42:ea
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:13:7c:57:48:c9:ce:ed:bb:d0:b4:6f:b6:42:ce:4b:3b:93:04:89
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
        Validity
            Not Before: Aug 27 18:04:38 2023 GMT
            Not After : Aug  3 18:04:38 2123 GMT
        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a3:52:80:a9:2f:c5:95:b8:0d:5d:f8:1c:ee:06:
                    a5:ae:63:7f:43:9a:c5:f6:b2:a1:ab:47:20:a9:e0:
                    da:36:6b:72:c9:4a:21:85:8e:47:06:e8:77:9e:3f:
                    86:f3:80:66:36:44:36:d9:44:a0:15:92:8f:c3:25:
                    bc:33:50:e5:ff:f1:63:cf:4a:76:0f:ae:63:17:61:
                    45:bc:65:3e:91:57:65:85:fb:b5:ab:c2:fc:78:9b:
                    f8:7e:af:38:00:a7:ae:ae:ed:58:8f:f7:4e:11:c6:
                    a0:ba:f4:03:ca:bc:86:a4:84:e8:39:32:82:f2:75:
                    cb:14:f6:29:ec:f0:88:d8:ed:5c:14:7e:5f:b9:57:
                    ac:de:1b:2d:8d:01:3a:83:6c:1f:b5:23:d0:04:19:
                    7d:89:c0:dc:22:82:89:c6:14:a8:b3:c6:b5:c9:9e:
                    13:d2:b7:41:24:ff:f0:c4:c6:11:d7:d5:4c:87:e9:
                    7e:63:dc:32:9b:7e:64:d0:3d:02:f6:59:08:cc:c0:
                    5d:fc:ae:9c:61:4b:4d:eb:6e:1f:7e:0f:d9:af:f7:
                    8f:01:1f:a1:bf:e1:73:9f:e5:d6:dd:9e:b6:4e:b0:
                    9b:01:d7:ec:63:f7:7d:6c:fb:e5:97:3b:5e:8e:c8:
                    36:28:1d:32:13:d7:82:1e:f9:8b:c9:48:96:23:9d:
                    8b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                13:CD:C5:D8:83:0C:83:C7:D5:9E:43:CE:AC:E9:AE:D9:04:D9:0D:DF
            X509v3 Authority Key Identifier: 
                13:CD:C5:D8:83:0C:83:C7:D5:9E:43:CE:AC:E9:AE:D9:04:D9:0D:DF
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        02:9c:b8:5f:4f:fc:59:25:18:17:9d:9a:5d:ff:20:33:25:92:
        79:9f:61:d0:69:1d:2d:13:3e:b0:19:77:3d:80:03:a2:ad:7c:
        f2:fa:ae:54:fa:e0:27:c1:6d:42:4e:83:cc:02:c3:52:72:2c:
        bb:5e:9d:58:4b:94:8a:5e:df:1b:7d:90:ef:c8:39:71:74:62:
        0f:bc:40:53:bf:e4:8a:d8:cd:37:8c:01:10:2f:f7:6c:5b:a8:
        32:66:48:5c:fd:fd:db:7d:54:05:f0:eb:66:39:9f:a8:27:40:
        5c:0a:e3:5f:8b:c5:6d:d3:29:1d:79:da:c0:14:3e:b4:f8:d8:
        c1:3e:cc:c5:9f:a4:18:af:25:b1:91:4c:1b:da:ea:1e:fc:aa:
        f1:49:6f:70:06:59:4b:68:d9:9d:9a:4c:de:d6:aa:31:83:ec:
        e1:d5:81:58:b1:0d:4c:68:f7:b6:5b:b8:dc:da:24:a0:60:c4:
        9b:98:d0:17:2b:c4:ab:db:2b:2a:ce:f1:1b:29:c4:1e:4a:52:
        48:1c:82:d9:6d:52:fc:7b:d7:7c:f7:95:25:3d:65:34:f0:ac:
        d2:eb:23:ac:ad:f2:18:7a:17:14:3b:27:9b:dd:0a:94:fb:21:
        ca:2f:42:99:29:18:7d:4a:6e:28:10:e3:ba:d3:6c:2b:a0:a5:
        6c:2a:ea:2b
localhost:/home/cbr #

I’ll reboot, confirm this works, and then I’ll install the nvidia drivers.

Xionbox · September 4, 2023, 11:00pm

It’s a start? I could enroll the nvidia driver, but then upon rebooting, the window manager never started. I was stuck on the terminal, so I forcibly rebooted (maintain Ctrl+Alt+Del for 5 seconds). If I read the boot log correctly, it seems like nvidia was correctly loaded, so I’m not sure what the source of the issue is here. I’m running Gnome Shell with auto-login: could it be a wayland versus X11 issue?

Here is a link to the boot log: openSUSE Paste .

malcolmlewis · September 4, 2023, 11:06pm

@Xionbox Likely, did you configure /etc/gdm/custom.conf and uncomment #WaylandEnable=false I run X11 with Nvidia, Wayland does not play nice for me…

I would also disable autologin for the moment…

Xionbox · September 5, 2023, 12:05am

I think something else is going awry, but I’m not sure how to debug it. The symptom is that when the “boot terminal” is supposed to refresh to change the size of the font, nothing happens: the text freezes and the screen no longer refreshes. From the sounds of the hard drive, the computer continues its boot process. I can cleanly restart by holding down ctrl+alt+del though.

First, I checked that I was using the appropriate driver here: Official Drivers | NVIDIA . And that’s correct, my card requires the G06 driver.
Then, when I would select the driver, YaST would also add suse-prime and the nvidia-open-driver-G06-signed.... I’m a desktop, so suse-prime didn’t seem right, so I prevent its installation. Just after I post this, I’ll try the “minimal G06” install in case my manual changes cause issues.

In the boot log, the only thing that could raise an eyebrow is this:

Sep 04 17:39:03 localhost systemd[1]: Finished Load Kernel Module efi_pstore.
Sep 04 17:39:03 localhost kernel: pcieport 0000:00:1c.2: AER: Multiple Corrected error received: 0000:00:1c.2
Sep 04 17:39:03 localhost kernel: pcieport 0000:00:1c.2: PCIe Bus Error: severity=Corrected, type=Physical Layer, (Receiver ID)
Sep 04 17:39:03 localhost kernel: pcieport 0000:00:1c.2:   device [8086:a292] error status/mask=00002001/00002000
Sep 04 17:39:03 localhost kernel: pcieport 0000:00:1c.2:    [ 0] RxErr                 
Sep 04 17:39:03 localhost kernel: pcieport 0000:00:1c.2: AER:   Error of this Agent is reported first
Sep 04 17:39:03 localhost kernel: ath10k_pci 0000:05:00.0: PCIe Bus Error: severity=Corrected, type=Physical Layer, (Transmitter ID)
Sep 04 17:39:03 localhost kernel: ath10k_pci 0000:05:00.0:   device [168c:0042] error status/mask=00001081/00006000
Sep 04 17:39:03 localhost kernel: ath10k_pci 0000:05:00.0:    [ 0] RxErr                 
Sep 04 17:39:03 localhost kernel: ath10k_pci 0000:05:00.0:    [ 7] BadDLLP               
Sep 04 17:39:03 localhost kernel: ath10k_pci 0000:05:00.0:    [12] Timeout               
Sep 04 17:39:03 localhost kernel: pcieport 0000:00:1c.2: AER: Multiple Corrected error received: 0000:05:00.0
Sep 04 17:39:03 localhost kernel: pcieport 0000:00:1c.2: AER: Corrected error received: 0000:05:00.0
Sep 04 17:39:04 localhost systemd[1]: Mounting /boot/efi...

However, these aren’t related to the nvidia card:

╰─○ lspci | grep -i nvidia
01:00.0 VGA compatible controller: NVIDIA Corporation GP104 [GeForce GTX 1070 Ti] (rev a1)
01:00.1 Audio device: NVIDIA Corporation GP104 High Definition Audio Controller (rev a1)

One is a PCIe port and the other is the network controller:

00:1c.2 PCI bridge: Intel Corporation 200 Series PCH PCI Express Root Port #3 (rev f0)
05:00.0 Network controller: Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter (rev 31)

(And I successfully use the wireless network adapter all the time including as I type this).

Later in the boot log, there’s something about nvidia but it seems nominal to me.

Sep 04 17:39:04 localhost kernel: audit: type=1400 audit(1693870744.181:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="nvidia_modprobe" pid=832 comm="apparmor_parser"
Sep 04 17:39:04 localhost kernel: audit: type=1400 audit(1693870744.181:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="nvidia_modprobe//kmod" pid=832 comm="apparmor_parser"

And the system does seem to boot correctly and the logs even indicate that X is up and running:

Sep 04 17:39:16 localhost.localdomain avahi-daemon[962]: Server startup complete. Host name is linux.local. Local service cookie is 74413452.
(...)
Sep 04 17:39:17 localhost.localdomain systemd[1]: Started X Display Manager.

malcolmlewis · September 5, 2023, 12:14am

Does the system CPU have built GPU (iGPU) that is disabled in the BIOS?

Don’t think that card supports the open driver…

Xionbox · September 5, 2023, 12:17am

Installing the minimal nvidia G06 package allows me to boot … but it doesn’t seem like I’m loading nvidia. nvtop shows that CoffeeLake graphics are enabled (which is the embedded graphics). Another piece of evidence is this in the boot log:

Sep 04 18:08:35 localhost kernel: nvidia-nvlink: Nvlink Core is being initialized, major device number 237
Sep 04 18:08:35 localhost kernel: NVRM: The NVIDIA probe routine was not called for 1 device(s).
Sep 04 18:08:35 localhost kernel: NVRM: This can occur when a driver such as: 
                                  NVRM: nouveau, rivafb, nvidiafb or rivatv 
                                  NVRM: was loaded and obtained ownership of the NVIDIA device(s).
Sep 04 18:08:35 localhost kernel: NVRM: Try unloading the conflicting kernel module (and/or
                                  NVRM: reconfigure your kernel without the conflicting
                                  NVRM: driver(s)), then try loading the NVIDIA kernel module
                                  NVRM: again.
Sep 04 18:08:35 localhost kernel: NVRM: No NVIDIA devices probed.
Sep 04 18:08:35 localhost kernel: nvidia-nvlink: Unregistered Nvlink Core, major device number 237
Sep 04 18:08:35 localhost kernel: iTCO_wdt iTCO_wdt: Found a Intel PCH TCO device (Version=4, TCOBASE=0x0400)
(...)
Sep 04 18:08:35 localhost systemd-udevd[691]: modprobe: ERROR: could not insert 'nvidia': No such device
(...)
Sep 04 18:08:35 localhost kernel: snd_hda_intel 0000:01:00.1: bound 0000:01:00.0 (ops nv50_audio_component_bind_ops [nouveau])
Sep 04 18:08:35 localhost kernel: input: HDA NVidia HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:01.0/0000:01:00.1/sound/card1/input6
Sep 04 18:08:35 localhost kernel: nvidia_modeset: Unknown symbol nvidia_register_module (err -2)
Sep 04 18:08:35 localhost kernel: nvidia_modeset: Unknown symbol nvidia_get_rm_ops (err -2)
Sep 04 18:08:35 localhost kernel: nvidia_modeset: Unknown symbol nvidia_unregister_module (err -2)

Seeing your response now, should I be disabled in the embedded GPU in the bios ? I don’t recall seeing that options but I can check again.

malcolmlewis · September 5, 2023, 12:21am

@Xionbox Well up to you can always use Prime Render Offload? I use switchrooctl with GNOME and it’s integrated to launch applications from the meu with a right-click and select discrete gpu

https://download.nvidia.com/XFree86/Linux-x86_64/535.104.05/README/primerenderoffload.html

Get rid of the open driver, suse-prime, bbswitch, any xorg.conf files…

Xionbox · September 26, 2023, 7:08pm

My apologies in the delay in my response here, the issue is just so frustrating that I’ve not been trying to use this computer at all.
Anyway, removing the open driver causes GDM to not start. Specifically, I get a total screen freeze: nothing is shown but the boot command, and my only option is a force restart followed by a rollback. So every attempt to fix the nvidia driver with Gnome Shell on Tumbleweed takes me ten or fifteen minutes from update, to reboot, to restart, to rollback.

Here is the full boot log from journalctl: openSUSE Paste

And here are some relevant parts:

Driver is signed properly:

Sep 26 06:50:48 localhost kernel: integrity: Loaded X.509 cert 'Local build for nvidia-driver-G06 535.86.05 on 2023-09-04: 1d34b5ee72b6f19d767396f0b3201913eedff25c'
Sep 26 06:50:48 localhost kernel: integrity: Loading X.509 certificate: UEFI:MokListRT (MOKvar table)
Sep 26 06:50:48 localhost kernel: integrity: Loaded X.509 cert 'Local build for nvidia-driver-G06 535.104.05 on 2023-09-26: 846e117cd8de2ab8946cba3e372e70f2a42ed48f'
Sep 26 06:50:48 localhost kernel: ima: No TPM chip found, activating TPM-bypass!
Sep 26 06:50:48 localhost kernel: Loading compiled-in module X.509 certificates
Sep 26 06:50:48 localhost kernel: Loaded X.509 cert 'openSUSE Secure Boot Signkey: fd9f2c12e599d67cc7f9067541adf426b712469e'

On GDM start, nvidia seems to be a valid option:

Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Scanning /usr/share/X11/xorg_pci_ids directory for additional PCI ID's supported by the drivers
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (==) Matched intel as autoconfigured driver 0
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (==) Matched nvidia as autoconfigured driver 1
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (==) Matched nouveau as autoconfigured driver 2
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (==) Matched nv as autoconfigured driver 3
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (==) Matched modesetting as autoconfigured driver 4
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (==) Matched fbdev as autoconfigured driver 5
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (==) Matched vesa as autoconfigured driver 6
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (==) Assigned the driver to the xf86ConfigLayout

And only nvidia try to load but fails to do so:

Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "intel"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (WW) Warning, couldn't open module intel
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Failed to load module "intel" (module does not exist, 0)
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "nvidia"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading /usr/lib64/xorg/modules/drivers/nvidia_drv.so
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Module nvidia: vendor="NVIDIA Corporation"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         compiled for 1.6.99.901, module version = 1.0.0
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         Module class: X.Org Video Driver
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "nouveau"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (WW) Warning, couldn't open module nouveau
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Failed to load module "nouveau" (module does not exist, 0)
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "nv"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (WW) Warning, couldn't open module nv
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Failed to load module "nv" (module does not exist, 0)
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "modesetting"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading /usr/lib64/xorg/modules/drivers/modesetting_drv.so
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Module modesetting: vendor="X.Org Foundation"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         compiled for 1.21.1.8, module version = 1.21.1
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         Module class: X.Org Video Driver
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         ABI class: X.Org Video Driver, version 25.2
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "fbdev"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading /usr/lib64/xorg/modules/drivers/fbdev_drv.so
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Module fbdev: vendor="X.Org Foundation"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         compiled for 1.21.1.8, module version = 0.5.0
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         Module class: X.Org Video Driver
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         ABI class: X.Org Video Driver, version 25.2
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "vesa"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading /usr/lib64/xorg/modules/drivers/vesa_drv.so
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Module vesa: vendor="X.Org Foundation"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         compiled for 1.21.1.8, module version = 2.6.0
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         Module class: X.Org Video Driver
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         ABI class: X.Org Video Driver, version 25.2
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) NVIDIA dlloader X Driver  535.104.05  Sat Aug 19 01:01:11 UTC 2023
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) NVIDIA Unified Driver for all Supported NVIDIA GPUs
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) modesetting: Driver for Modesetting Kernel Drivers: kms
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) FBDEV: driver for framebuffer: fbdev
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) VESA: driver for VESA chipsets: vesa
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: xf86EnableIO: failed to enable I/O ports 0000-03ff (Operation not permitted)
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading sub module "fb"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "fb"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Module "fb" already built-in
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading sub module "wfb"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "wfb"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading /usr/lib64/xorg/modules/libwfb.so
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Module wfb: vendor="X.Org Foundation"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         compiled for 1.21.1.8, module version = 1.0.0
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         ABI class: X.Org ANSI C Emulation, version 0.4
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) NVIDIA: Failed to initialize the NVIDIA kernel module. Please see the
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) NVIDIA:     system's kernel log for additional error messages and
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) NVIDIA:     consult the NVIDIA README for details.
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) open /dev/dri/card0: No such file or directory
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (WW) Falling back to old probe method for modesetting
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) open /dev/dri/card0: No such file or directory
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading sub module "fbdevhw"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "fbdevhw"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading /usr/lib64/xorg/modules/libfbdevhw.so
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Module fbdevhw: vendor="X.Org Foundation"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         compiled for 1.21.1.8, module version = 0.0.2
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         ABI class: X.Org Video Driver, version 25.2
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Unable to find a valid framebuffer device
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (WW) Falling back to old probe method for fbdev
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading sub module "fbdevhw"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) LoadModule: "fbdevhw"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Loading /usr/lib64/xorg/modules/libfbdevhw.so
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) Module fbdevhw: vendor="X.Org Foundation"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         compiled for 1.21.1.8, module version = 0.0.2
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:         ABI class: X.Org Video Driver, version 25.2
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) open /dev/fb0: No such file or directory
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: vesa: Refusing to run, Framebuffer or dri device present
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) modeset(G0): using drv /dev/dri/card1
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Screen 0 deleted because of no matching config section.
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) UnloadModule: "modesetting"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Screen 0 deleted because of no matching config section.
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) UnloadModule: "fbdev"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (II) UnloadSubModule: "fbdevhw"
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Device(s) detected, but none match those in the config file.
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE)
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: Fatal server error:
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) no screens found(EE)
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE)
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: Please consult the The X.Org Foundation support
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:          at http://wiki.x.org
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]:  for help.
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Please also check the log file at "/var/lib/gdm/.local/share/xorg/Xorg.0.log" for additional information.
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE)
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1594]: (EE) Server terminated with error (1). Closing log file.
Sep 26 12:51:09 localhost.localdomain /usr/libexec/gdm/gdm-x-session[1592]: Unable to run X server

Xionbox · September 26, 2023, 7:39pm

Well I’m not sure what happened but a zypper ref && zypper dup where I choose to remove the nvidia open-driver worked: I now have nvidia loaded.

╰─○ lsmod | grep nvidia
nvidia_drm             94208  1
nvidia_modeset       1556480  1 nvidia_drm
nvidia_uvm           3457024  0
nvidia              62717952  2 nvidia_uvm,nvidia_modeset
video                  77824  3 dell_wmi,i915,nvidia_modeset

Upon reboot, I enrolled the keys (as usual). Then, to check that things were working, I decided to boot in recovery mode with the latest kernel. After logging in, I realized that nvidia was not loaded, so I loaded it (modprobe nvidia) and then started gdm to see if X would start. When it did, I restarted the computer.
Upon restart, the resolution was laughing low. I opened a shell, saw that nvidia was not loaded, loaded it, logged out (which restarts gdm I think).
Once gdm restarted, the resolution was correct, and when I logged in, I ran glxgears that showed an FPS of 2121 FPS, something the Intel graphics cards couldn’t handle to my recollection.

There might be a better way to check that nvidia is correctly loaded.

Xionbox · September 27, 2023, 4:23pm

I answered too soon: I seem to be using the CPU for all rendering somehow?

$ glxinfo | grep 'OpenGL renderer string'
OpenGL renderer string: llvmpipe (LLVM 16.0.6, 256 bits)

On boot, the resolution is awful. I need to jump into the terminal and manually modprobe nvidia. Then I need to log out of my graphics session and log in again for the resolution to be usable. But it’s still not using nvidia I’m guessing.

If I type prime-select intel and restart GDM, then XOrg crashes because there’s a series of segfaults. If I type prime-select nvidia and restart, I just get stuck on a black screen with a terminal cursor on the top left of the screen blinking and doing nothing else.

After fifteen years of using opensuse, I wonder if I shouldn’t switch to another distro that’s more reliable. I’m so frustrated with this situation… All I need is to use my graphics card, why is this so hard in 2023? I remember it being a pain in 2007 with AMD cards but come on, nvidia cards are used for sooo much machine learning!