My long learning curve with IncusOS installation continues.
I am using a Lenovo P350 Tiny. I have an RTL-8127 card which I know is supported in the Zabbly kernel. However, after I clear the keys in the BIOS and the IncusOS install USB adds its keys, once I turn Secure Boot back on and boot the IncusOS installer it won’t find my NIC. In fact, the card won’t show up in the BIOS boot selector menu for PXE either. Once I reset the keys to the factory defaults, the card reappears.
I have the Microsoft UEFI key option enabled in the BIOS.
Now I know there must be a sequence I can use which will allow IncusOS to install its keys and let me keep enough other keys for the UEFI BIOS to see the card. This is because about seven or eight install attempts ago when it was failing much earlier and going into emergency mode, and I could see the card recognised. I also see a couple of other posts from folks using the card.
I did read the entry specifically about Lenovo installs in the instructions but my BIOS doesn’t have the options it lists. Should I clear the TPM?
Any hints as to a sequence which might let me have both IncusOS and the necessary UEFI keys for the card to work? Is manual key entry the best option here?
If your BIOS lets you enroll keys without having to rely on setup mode, then a factory reset of the secureboot keys should get the Microsoft keys back in, then you can add the IncusOS keys on top of that. If it dosn’t and it only lets you do setup mode, then you’re going to be a bit out of luck there short of using a UEFI shell and some custom .efi binaries to load exactly what you want in there.
That said, while the lack of Microsoft keys would definitely explain your NIC disappearing from the boot options, it shouldn’t prevent the Linux kernel from detecting and loading its driver.
Thanks Stéphane. I agree it not showing in the boot menu shouldn’t stop the kernel seeing it, but it feels like it’s more than that.
Before I restored the factory MS keys, I booted a standard Ubuntu 24.04 Live USB (kernel 6.17, so after the card drivers were added) with Secure Boot enabled. Running lspci showed absolutely nothing in the PCIe slot (only the onboard Intel NIC appeared). If lspci can’t even see the hardware it seems like the Lenovo is somehow blocking or not initialising the card before the kernel even gets a chance to look for it.
I have now tried manually adding the IncusOS keys and the 10G card does not appear. I really need the 10G card on this node to work so I’m very disappointed (plus I’ve wasted days on this) but I’ll have to go back to standard Incus on Ubuntu.
Ah yeah, it missing from lspci is definitely quite weird… Maybe they do some very odd initialization through their firmware option ROM, but that would be very unusual as those ROMs are optional.
Note that you could probably get things working by disabling Secureboot and downloading an IncusOS image that allows running without Secureboot (degraded boot security under the Advanced options on the website).
Can you get the incus admin os system resources show in that scenario?
As I said, there are firmware files that may be needed for those NICs, so assuming that it’s now showing up on the PCI bus, we should be getting a kernel error complaining about firmware files, at which point we can trivially fix that in a new image.
No, it doesn’t complete the seeding so as far as I can tell the environment isn’t up. I didn’t remove the problem card from the seed and do yet another install I’m afraid - after days of trying to troubleshoot I needed to get the system reinstated. If I can find another opportunity to take the system offline I’ll see what I can get.
Is it useful to try your kernel against the card under Ubuntu? That’s much quicker and easier.
Edited to add - I got this from the Ubuntu Live environment which confirms your hypothesis..