I found this post: nvidia-smi command not found Ubuntu 16.04 | Ask Ubuntu
Which says that with UEFI secure boot enabled nvidia-smi could not be found in Ubuntu:
$ nvidia-smi
nvidia-smi: command not found
Any idea on how to enable secure boot with NVIDIA driver functioning?
I found this article on solving the secure boot issue with virtual box, just still have little idea on how MOK manager works:
VirtualBox + Secure Boot + Ubuntu = fail | Øyvind Stegard blog
Try this:
Download the latest driver from the NVIDIA website: https://www.geforce.com/drivers.
Create a new pair of private key (Nvidia.key) and public key (Nvidia.der) by running the command:
openssl req -new -x509 -newkey rsa:2048 -keyout PATH_TO_PRIVATE_KEY -outform DER -out PATH_TO_PUBLIC_KEY -nodes -days 36500 -subj "/CN=Graphics Drivers"
Example:
openssl req -new -x509 -newkey rsa:2048 -keyout /home/itpropmn07/Nvidia.key -outform DER -out /home/itpropmn07/Nvidia.der -nodes -days 36500 -subj "/CN=Graphics Drivers"
Enroll the public key (nvidia.der) to MOK (Machine Owner Key) by entering the command:
sudo mokutil --import PATH_TO_PUBLIC_KEY
Example:
sudo mokutil --import /home/itpropmn07/Nvidia.der
This command requires you to create a password for enrolling. Afterwards, reboot your computer, in the next boot, when the system asks you to enroll, you enter the password you created in this step to enroll it. Read more: https://sourceware.org/systemtap/wiki/SecureBoot
For installing the NVidia driver for the first time, you need to disable the Nouveau kernel driver by entering the command:
echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf; sudo update-initramfs -u
Reboot.
Install the driver by entering the command:
sudo sh ./XXXXXX.run -s --module-signing-secret-key=PATH_TO_PRIVATE_KEY --module-signing-public-key=PATH_TO_PUBLIC_KEY
where:
XXXXXX: name of file installer (downloaded from NVIDIA).
PATH_TO_PRIVATE_KEY: full path to private key. If you place it in your home folder, use /home/USER_NAME/ instead of ~.
PATH_TO_PUBLIC_KEY: full path to public key. If you place it in your home folder, use /home/USER_NAME/ instead of ~.
Example:
sudo sh ./NVIDIA-Linux-x86_64-390.67.run -s --module-signing-secret-key=/home/itpropmn07/Nvidia.key --module-signing-public-key=/home/itpropmn07/Nvidia.der
Done.
Read more https://us.download.nvidia.com/XFree86/Linux-x86/319.32/README/installdriver.html
The recommendation from itpropmn07 works for me. There is one change I had to make which is the last step.
Instead of entering this command:
sudo sh ./XXXXXX.run -s --module-signing-secret-key=PATH_TO_PRIVATE_KEY --module-signing-public-key=PATH_TO_PUBLIC_KEY
I entered the command without -s:
sudo sh ./XXXXXX.run --module-signing-secret-key=PATH_TO_PRIVATE_KEY --module-signing-public-key=PATH_TO_PUBLIC_KEY
With this command I could interactively install the driver.
I was also able to successfully install the drivers using the method by @itpropmn07 with one slight change.
The mokutil --import did not work on my ASUS motherboard so I had to import the key from inside the UEFI interface.
This can be done by loading the .der file onto a USB drive and navigating to the Secure Boot > Key Management section and selecting the Append Default db option.
A popup will then ask if you want to append the system default db. Make sure to select No, which will then let you browse to your file on the USB drive. Choose key certificate blob as the selected file type. Finally, save and exit.
You can verify that the import was successful by running: mokutil --db
Note: it would be wise to backup your secure boot keys and have them stored somewhere safe in case something goes wrong. Use the 'Save Secure Boot Keys' option for that. When restoring the keys, use UEFI secure variable as the file type.
Reference: http://www.rodsbooks.com/efi-bootloaders/controlling-sb.html#setuputil
I usually have this problem when I update my BIOS, secure boot gets switched off and the enrolled keys get deleted. What works for me is to boot into Ubuntu with secure boot on, rebuild my kernel modules, reboot again, enroll the key, and reboot into Ubuntu. See this answer for a oneliner.
