Yesterday I tried to install the latest NVIDIA drivers on my Linux Mint laptop (version 21.3, Cinnamon Edition) and my Driver Manager said that, since i have Secure Boot enabled, I had to create a Mok key for my drivers so I could use them with Secure Boot. So I created a password and restarted my PC. However, I didn’t know what to do in the MokManagement screen, so i turned off my PC and then turned it on again to be able to start over. After turning my PC on and off a few times to try a few different buttons thqt I ended up not understanding, I looked up a tutorial and tried to follow it. But when i clicked “Enroll MOK” this time, instead of showing “View Keys”, it asked if I wanted to delete my existing keys.
What should I do to get this to work? I turned off my PC after this and switched back to the open source drivers because, again, I had no idea what to do. Did I fuck up my drivers? Can I try to redo the process to make it work? What about the extra keys I created? I’m really confused. Thanks in advance.
I think when I messed it up, it worked when I tried switching to the proprietary drivers for the second time. I think you can try that without much risk.
In my case I ended up disabling Secure Boot anyway because it just got too annoying (a BIOS update breaking it was the final straw for me). The security benefit after you’ve enrolled a MOK seems dubious anyway. It would be nice if distros could ship signed kernels with the open-source Nvidia driver but I guess that’s not happening.
I forget what the order of operations is, but you didn’t fuck it up. I’ve deleted the keys and started over before, though I never got secure boot to work for me in the end. Hopefully somebody smarter can provide more insight.
Thank you for your answer. I just remembered I made some Timeshift backups before I tried to switch drivers. If I rollback to the backup will my keys be “overwritten” and I’ll be able to try to switch drivers again with no consequences?
Maybe? It depends what Timeshift was monitoring/backing up. In any case, the tool you used to generate the keys I believe has the ability to delete the keys (they’re just files on your system). Look up the documentation to be sure. It’s been a hot minute since I mucked around with Secure Boot, and it’s not strictly required, so I just gave up.
That’s about the extent of my secure boot knowledge. I do hope more knowledgeable people have better advice for you!
Will do, thanks!