• UPDATE: added Fedora 42 support
• UPDATE: added kernel update notes

Just did this myself and wrote it down here. How to get your NVidia card working with NVidia drivers using UEFI secure boot. A compact list of commands to execute.

lcpci | grep -i nvidia

Identify model and download latest Linux drivers from NVidia.

Add necessary software

dnf groupinstall "Development Tools"
dnf install libglvnd-devel elfutils-libelf-devel

Lets use rpmfusion here. Cuda is optional if need gpu for llm etc.

sudo dnf install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1
sudo dnf update
sudo dnf install gcc dkms make elfutils-libelf-devel bc tar xz perl which git
sudo dnf install akmod-nvidia xorg-x11-drv-nvidia-cuda #cuda is optional

Add dev tools to do secure boot handling.

sudo dnf install kmodtool akmods mokutil openssl

Make a certificate, import it and reboot. We will use this key/cert with NVidia driver installer.

This may work with RHEL / Centos as well.

kmodgenca -a
mokutil --import /etc/pki/akmods/certs/public_key.der
sync
reboot

openssl req -new -x509 -newkey rsa:2048 -keyout /etc/pki/akmods/private/private_key.priv -outform DER -out /etc/pki/akmods/certs/public_key.der -nodes -days 36500 -subj "/CN=Graphics Drivers"
mokutil --import /etc/pki/akmods/certs/public_key.der 
sync
reboot

Check that /etc/default/grub contains following (nouveau.modeset=0 may not be helpful but here anyway):

GRUB_CMDLINE_LINUX="<stuff deleted from here> rd.driver.blacklist=nouveau modprobe.blacklist=nouveau nouveau.modeset=0"

grub2-mkconfig -o /boot/grub2/grub.cfg

Disable nouveau module by creating vim /etc/modprobe.d/nvidia.conf and adding:

blacklist nouveau
options nouveau modeset=0

sudo dracut --force
sudo sync
sudo reboot

If this does not produce nvidia driver enroll at boot, try explicit nvidia driver inclusion in dracut command:

sudo rm -f /usr/lib/dracut/dracut.conf.d/99-nvidia-dracut.conf
sudo dracut -fvv --add-drivers "nvidia nvidia-drm nvidia-modeset nvidia-uvm"
sudo sync
sudo reboot

If doing driver install from Nvidia downloaded driver. With Fedora we already did this with rpmfusion.

Use the credentials we created earlier to support secure boot. Answer “yes” to installation of NVIDIA's 32-bit compatibility libraries, overwrite existing libglvnd files and automatic update of your X configuration file.

systemctl isolate multi-user.target
sh NVIDIA-Linux-x86_64-440.82.run -s --module-signing-secret-key=/etc/pki/akmods/private/nvidia.key --module-signing-public-key=/etc/pki/akmods/certs/nvidia.crt 
reboot

If boot is not successful do:

systemctl restart systemd-logind
reboot

When a kernel update is due you need to do the following:

• Update kernel (and other packages)
• Reboot
• Run the previous NVIDIA install command
• Reboot

So start with update and reboot:

dnf update
reboot

Then log in again, open root shell and locate the previous install command:

history | grep NVIDIA

Here you get a list including the latest setup command in a line looking like this:

112  sh /home/user/Downloads/NVIDIA-Linux-x86_64-450.80.02.run -s --module-signing-secret-key=/etc/pki/akmods/private/nvidia.key --module-signing-public-key=/etc/pki/akmods/certs/nvidia.crt

Just re-run the command by typing the line number preceded by “!”:

!112

And have another reboot:

sync
reboot

That should cover the update procedure.

When a kernel update is due you need to do the following:

• Update kernel (and other packages)
• Reboot

If problems lets force module re-create and generate new initrd. Let it boot to text mode, wait and press alt-f2 and run:

sudo akmods --force --kernels "$(uname -r)"
sudo dracut --force /boot/initramfs-$(uname -r).img $(uname -r)
sudo reboot