Issues booting after trying to install nvidia drivers
Hi folks,
I have a problem, a big problem. I have posted a thread over at the Debian forums, but I'm unfortunately in a hurry (my workstation is bricked) so I'm going to cross-post it here ([email protected] kindly redirected me to this community for help).
I'm going to paste the text from the Debian help thread below, hopefully someone has an idea how I can pull myself out of this mess.
Quite a bit has happened, so I'll give you a short version with what I think is essential information, and if you need other details please do ask.
Essentially, I tried getting the nvidia driver on a fresh Trixie install using this tutorial (https://fostips.com/install-nvidia-driver-in-debian-13/). I reached the part where it says "After reinstalled the driver, restart your computer.", that's when the terminal turned blue and told me with big centered text that the free driver (?) was already installed and it's conflicting with the new one I am trying to install, but I just need to reboot in order to solve the conflict. So I rebooted and I was greeted by the following prompt.
This goes nowhere, it never boots into Debian. Thinking I had broken Debian, I thought to myself, no big deal, Debian had an issue anyways (see https://forums.debian.net/viewtopic.php?p=827488), I'll try another random distro (Bazzite) see if it helps. But after installing Bazzite over Trixie, I got the following prompts at boot :
(this one is a bit blurry, it says "Verification failed: (0x1A) Security Violation")
If I go for "Continue boot" it just cycles over and over again on these prompts. And I don't know what to make of the other choices here.
I can see it's related to the operation I did with the nvidia driver, but I don't understand how the problem wasn't solved by wiping my drive with another distro ? twice... now I have tried with Nobara as well, only to get the same prompts. How can I solve this issue ? my computer is bricked and I really hope that's fixable. Anyone has a clue ?
Like I said, don't hesitate to ask if there's something I haven't said...
Cheers,
Not the best advice but:
…Do you need secure boot? The absolute easiest solution would be to disable it in the BIOS, as it’s quite finicky. This is what I do.
When you get to the part of “enable no free repositories” in any distro to get Nvidia working, that’s code for “we don’t support Nvidia, we aren’t responsible for something breaking and you’re on your own.” Nobara is not a bad choice (as it does support Nvidia), but in general I’d recommend a distro with 1st party Nvidia support. Probably openSUSE if it’s a workstation. Long term, this is how you avoid Nvidia problems.
Again, I’m not trying to say “you’re linuxing wrong,” but with my lack of knowledge on secure boot, I’m emphasizing my extremely poor experience of distros that do not directly prioritize Nvidia support/fixes.
oh, but I am, lol. I am totally Linuxing wrong, I'm new to this thing, if you don't count my clumsy forays a decade or two ago. So your advice would be to go for a distro that bundles the nvidia drivers? I'm not sure what first-party means here?
In any case thanks for the clarification, and for the advice of disabling secureboot. As I said to a few other commenters already, it's disabled now and the system boots again. I have lots on my plate still, but at least this part is...... more or less solved. Cheers!
Yes, exactly. Specifically, I mean the Nvidia proprietary drivers are explicitly available in the repos and installed by default if detected, which is not the case on Debian apparently.
I'd recommend openSUSE or an Arch-based distro like CachyOS, both of which put great efforts into Nvidia support in my experience.
I heard about CachyOS from CGI peers, good words. I might try it next. Thanks again
I’ve been on Cachy (with Nvidia cards) for years, in fact the same partition/install for a long time. I don’t even mess with the system anymore; it just works.
I have zero inclination to distro hop.
That being said, any Arch based distro is hands on.
You should be vaguely familiar with your system (as in “I run KDE Wayland, I have an Nvidia card and AMD integrated graphics, I run pipewire audio and this brand of WiFi,” stuff like that).
When you update, you watch the console for warnings or instructions from the maintainers.
You read the Arch wiki, you make informed choices about what you install if you need, say, a working printer or a particular boot manager.
Stuff is less… preconfigured and staged than other distros, but the benefit is critical mass and problems getting fixed quick, as opposed to just living with them in other distros. CachyOS (which basically sits on top of Arch) helps a lot with this preconfiguration though, as I’ve loved all the tweaks/configs they ship.
Ok, I see. I like less hand-holding, as long as I know what I am doing a little bit. I heard how Arch was more barebones and the install process was a lot more manual. I guess I will play with it now that I have a windows-free drive sitting there...
You mention it's the same install, does that mean upgrades never break your system? I just read about btrfs and the possibility of making snapshots. Is it the same thing?
Fortunately CachyOS has an installer just like anything.
It’s really not that different. “Hands on” is kinda the wrong word, as is “less preconfigured” as I described it. I think the more accurate term is “requires passive attention.”
So in Ubuntu (back when I used it starting with Linux), it didn’t get a ton of updates outside security. It doesn’t change much. If something goes wrong, I troubleshoot and usually conclude… well, the bug is known, and something needs updating if I want it to work.
Then what? Do I roll the old package forward manually and basically maintain my own “patch” on the system? Do I maintain some weird custom workaround/install? I did a lot of both, and it both ate a ton of time and gradually broke my “easy don’t mess with it” system.
CachyOS is totally different. Unless a problem is my stupid fault, my troubleshooting process the past two years has been “flag if necessary, maybe roll back one version temporarily, and it gets fixed in days, if not hours”. But rarely (like less than seasonally), a package does get borked, or a text warning comes down the pipe like “we can’t automatically change this for you via pacman but you should really really change this config.”
That’s a perfect example of how Arch expects a basic level of attentiveness from the user. Nothing hard. But more than required for, say, Windows.
And the benefit (in my experience) is enormous.
I don’t mean to glaze Arch/Cachy so much. Other distros are similar, and I’d recommend trying openSUSE Tumbleweed in particular. The philisophy is similar, and SUSE does an outstanding job maintaining it.
Fuck secure boot, all my homies disable secure boot
security you don't understand is security you don't have
This probably won't help you now (unless you decide to re-install Debian) but just for reference Debian's wiki does have some very through documentation on the Nvidia driver installation process
https://wiki.debian.org/NvidiaGraphicsDrivers
Judging from your post / the wiki page, assuming you do have Secure Boot enabled it looks like you forgot to enroll the MOK before installing the Nvidia driver. The steps also mention using dracut to add a .conf to blacklist (disable) the default nouveau driver so typically that's done before your reboot.
PS - If you started out doing this with a fresh Trixie install would it be easy enough just to re-install and then re-do the Nvidia instructions? Plus technically if you wanted you could disable Secure Boot in your BIOS before the install and skip the extra Secure Boot configuration entirely.
Thanks for linking to the doc. I usually rtfm, not sure why I did not have that reflex here heheh.
Regarding the secureboot issue, I followed the instructions in the tutorial in the order they were presented to me. Maybe I did forget a step! I can't really say now. In any case, I disabled secureboot and it boots again. However would you say I should fix whatever I did with the MOK key? I can't tell if it's really serious. Or can I continue using my machine in this state? I mean, with secureboot disabled? Did I break something?
Yes indeed I will wipe everything from a live image and start over. However I will definitely try a different distro, one that bundles the drivers from the get-go, the reason is : I am trying to test my video card with Linux. I've been having intensifying issues and I suspect a hardware failure, but I couldn't be sure until I used the card with Linux and it exhibits similar symptoms. So that's what this whole thing is about.
Thanks a lot for the help. I was feeling very distressed yesterday, it's better now. Cheers
You can leave Secure Boot disabled IMO, it's kind of up to you. Either way if you're going to wipe and re-install then you can start over with or without Secure Boot - Just keep in mind you may need to perform extra steps if you opt to leave Secure Boot enabled.
yea I won't forget this episode heheheh. Thanks. I am writing this from Nobara 42. My machine is back in a working state (until I get to the crux of my issue, which is a hardware issue unfortunately). I cannot thank you enough (and the other folk). Cheers,
I agree with the other comments saying that you don't really need secure boot. But if you're like me, you might be tempted to get it to work anyway. In that case, here's a (hopefully) useful link.
Thanks a lot, yea even though I understand I can do without it, it's still somewhere in the back of my mind, unresolved.... for now I'll focus on getting my workstation up and running again (I have a graphics card failure on top of it all), but that link is safe in my bookmarks. Much appreciated !!
reposting my previous comment to help troubleshooters :
you done fucked up the secure boot settings I think. I am in no way qualified to help you.
I don't even understand how you can install a different OS. Work off a live USB if you even can.
As far as I understand this is the bit you fucked up. btw, the images in the debian forum post just show "filename1.jpg" as text and don't display. post on !/c/[email protected]
The install process for Bazzite and Nobara seemed to go without a hitch, made me think I was out of the woods...
I think you need to enroll the mok key. I hope you remember the password you set when going through those steps.
NB : I have no fucking idea on secure boot.
Ok, I will look this up and try to understand what it means. I do remember the pass I set, it's just my regular password. But not sure where to type it, because when I choose "enroll key from disk" it opens a file browser where I can navigate between my disks, then into the file systems...... but I don't know what I am looking for
I assume this file?
/var/lib/dkms/mok.pubyes, this is what I tried to find after going back through the tutorial steps. But this file path is the Linux filesystem right? I wiped the Debian earlier this afternoon (to try Bazzite, then Nobara), I imagine this file has been wiped with it?
Oh god no. I think you're fucked. Wait for someone who knows what the hell is going on and rephrase your problem as a secure boot issue
Mh, sounds like a bad omen... If I had to replace a part (hardware) to get it working, which one would it be?
Should I reinstall Grub ? from my searches I found this thread https://discussion.fedoraproject.org/t/unable-to-boot-after-importing-key-with-mokutil/155830
And this answer does a good job of explaining what MOK is. But it doesn't help me fully understand what is happening to my machine.