Installing Nvidia driver on Ubuntu 16.04 with SecureBoot
Post date: Dec 04, 2017 2:19:46 PM
=== Ubuntu 16.04 supports UEFI (implemented by the creation of the ~200 MB EFI System Partition, i.e. ESP) and SecureBoot (required by Windows, and hence dual-boot)
=== An easy way to Install Nvidia driver on Ubuntu is to use the Graphics Drivers PPA (Personal Package Archives) as follows.
sudo add-apt-repository ppa:graphics-drivers/ppasudo apt-get update sudo ubuntu-drivers autoinstall
The public key of the ppa (in GnuPG, not OpenSSL) can be viewed using
apt-key list
apt-key adv <args to gpg>
The installation of nvidia kernel drivers/modules can be verified by listing
lspci -k
lsmod
and look for VGA, notice the Kernel driver in use and available Kernel modules, i.e. nvidia_387, nvidia_387_drm, nvidia_387_uvm, nvidia_387_modeset.
=== However, due to the SecureBoot feature, these kernel modules won't be installed at boot since they are not signed.
The instructions for doing so is available at the following link, and are reiterated/adapted here for convenience.
Create private (.priv) and public (in DER/binary format, i.e. .der) keys
openssl req -new -x509 -newkey rsa:2048 -keyout graphics.priv -outform DER -out graphics.der -nodes -days 36500 -subj "/CN=Graphics Drivers/"
Sign modules with keys. modinfo -n <module> gives the path to all the modules, e.g.
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./graphics.priv ./graphics.der $(modinfo -n nvidia_387)
This has to be redone for each new kernel update and can be automated by the attached script (graphics.sh)
Finally, import the public key to MOK (Machine Owner Key) manager and reboot
sudo mokutil --import graphics.der
reboot
and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures.
Note that there is also a script to automate the signing everytime the modules are updated in that link.
=== An example application for nvidia driver on Ubuntu is Pytorch:
pip install http://download.pytorch.org/whl/cu80/torch-0.2.0.post3-cp35-cp35m-manylinux1_x86_64.whl
pip install torchvision