[SOLVED] NVIDIA 580.x + Kernel 7.0 incompatibility on Trixie

[crazywolf13]

Has anyone got any idea for my seeminly hopeless situation with nvidia drivers on the proxmox host?

Hardware: GTX 1060 (Pascal) + GTX 180 Ti (Kepler)
PVE version: 9.1.2


The problem: Nvidia Driver 580.x is the last series supporting Pascal/Kepler hardware.
It builds fine on kernel 6.17 but since proxmox updated to kernel 7.0 it fails due to VMA locking API changes (VMA_LOCK_OFFSET removed, __is_vma_write_locked signature changed in mmap_lock.h).


The repositorys

• The debian12 CUDA repo has 580.x but is signed with a SHA1-bound key, which trixie's sqv rejects since Feb 2026
• The debian13 CUDA repo has working signing but no 580.x, only newer driver series that dropped Pascal/Kepler support
• The debian 13 repo has only driver 550 which is too far outdated and I had issues with it

What I think to do:
Pin the kernel to 6.17.13-7-pve and held kernel 7.0 packages, but due to exploits, I don't really wanna do that?
Also what would be the suggested way to do this?

1. Is there a patched 580.x build anywhere that supports kernel 7.0's new VMA API?
2. Is there a plan for the debian13 CUDA repo to carry 580.x for legacy hardware?
3. Any other suggested approach for Pascal/Kepler on PVE trixie long-term?

 

[czechsys]

Try this parameter in the nvidia apt repository configuration for SHA1 problem:

Allow-Insecure: yes

 

[crazywolf13]

@czechsys

Thanks, I tried with that parameter and got the following error:

Err:5 https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64  InRelease
  Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EB693B3035CD5710E231E123A4B469963BF863CC is not bound:            No binding signature at time 2026-05-08T15:21:05Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Hit:7 http://download.proxmox.com/debian/pve bookworm InRelease
Warning: OpenPGP signature verification failed: https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64  InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EB693B3035CD5710E231E123A4B469963BF863CC is not bound:            No binding signature at time 2026-05-08T15:21:05Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
Error: The repository 'https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64  InRelease' is not signed.
Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.

after also adding trusted: yes I got only a warning:

Warning: OpenPGP signature verification failed: https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64  InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EB693B3035CD5710E231E123A4B469963BF863CC is not bound:            No binding signature at time 2026-05-08T15:21:05Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

After this I was able to update just fine, thanks a lot!