On 2021-10-17 11:57, Andreas Beckmann wrote:
Control: severity -1 normal
On 15/10/2021 19.42, Drew Parsons wrote:
I guess that reference to bss_file.c must be a clue, if not the
reference to the missing /root/dkms.key >
The 470.74/5.14.0-2 make.log in the error message shows no errors
itself, but the last line is
"Signing /var/lib/dkms/nvidia-current/470.74/build/nvidia.ko"
I think there are two bugs at work here and both are out of the scope
of the nvidia driver.
1. Signing the kernel module fails. That's probably your local
configuration that activates it, or do we have packages adding support
for that now? I've never looked into signing the kernel module.
I've set my computer with MOK signing so that the modules can load after
booting with Secure Boot, following the instructions at
https://wiki.debian.org/SecureBoot#MOK_-_Machine_Owner_Key
I'm not certain if that's the same signing that's causing the problem
here. I use nvidia in bumblebee mode (primusrun). That was a little
flakey, so in practice I signed the modules manually after upgrades to
be sure they were signed.
Can you send me your signing bits (and instructions how to generate a
key) s.t. I can try to rebuild that setup in a chroot in order to
reproduce the bug?
There are more signing instructions at
https://wiki.debian.org/SecureBoot#Using_your_key_to_sign_modules
I created /root/mok.priv and /root/mok.der
The script I've been using to sign the modules manually is
------------------------------------
cd /lib/modules
for mdir in */updates/dkms; do
cd $mdir
# get kernel version major.minor
kernel_version=$( echo $mdir | sed "s/\(.*\..*\)\..*/\1/" )
echo "signing modules for kernel ${kernel_version} in $PWD"
for k in *.ko; do
/usr/lib/linux-kbuild-${kernel_version}/scripts/sign-file sha256
/root/mok.priv /root/mok.der $k
echo " $k"
done
cd /lib/modules
done
-----------------------------------
That's still working, signing my last nvidia build. The modules on my
system that get signed are
bbswitch.ko
nvidia-current-drm.ko
nvidia-current-modeset.ko
nvidia-current-peermem.ko
nvidia-current-uvm.ko
nvidia-current.ko
2. dkms getting some hickup after the package configuration failed
(due to the signing failure) and not properly reinitializing on the
next attempt. (The relevant maintainer script bits should all come
from dh_dkms.)
Agreed, it sounds like that's what's happened. There was a problem at
some point (perhaps in the experimental package), and it hasn't been
able to recover.
The problem is still current, by the way, with 470.86-1
Should I try a complete nvidia purge and reinstall, or would it be
useful to keep my computer in a broken state for further debugging?
Drew
