Just did this myself and wrote it down here. How to get your NVidia card working with NVidia drivers using UEFI secure boot. A compact list of commands to execute.
lcpci | grep -i nvidia
Identify model and download latest Linux drivers from NVidia.
Add necessary software
dnf groupinstall "Development Tools" dnf install libglvnd-devel elfutils-libelf-devel
Lets use rpmfusion here. Cuda is optional if need gpu for llm etc.
sudo dnf install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1 sudo dnf update sudo dnf install gcc dkms make elfutils-libelf-devel bc tar xz perl which git sudo dnf install akmod-nvidia xorg-x11-drv-nvidia-cuda #cuda is optional
Add dev tools to do secure boot handling.
sudo dnf install kmodtool akmods mokutil openssl
Make a certificate, import it and reboot. We will use this key/cert with NVidia driver installer.
This may work with RHEL / Centos as well.
kmodgenca -a mokutil --import /etc/pki/akmods/certs/public_key.der sync reboot
openssl req -new -x509 -newkey rsa:2048 -keyout /etc/pki/akmods/private/private_key.priv -outform DER -out /etc/pki/akmods/certs/public_key.der -nodes -days 36500 -subj "/CN=Graphics Drivers" mokutil --import /etc/pki/akmods/certs/public_key.der sync reboot
Check that /etc/default/grub contains following (nouveau.modeset=0 may not be helpful but here anyway):
GRUB_CMDLINE_LINUX="<stuff deleted from here> rd.driver.blacklist=nouveau modprobe.blacklist=nouveau nouveau.modeset=0"
grub2-mkconfig -o /boot/grub2/grub.cfg
Disable nouveau module by creating vim /etc/modprobe.d/nvidia.conf and adding:
blacklist nouveau options nouveau modeset=0
sudo dracut --force sudo sync sudo reboot
If this does not produce nvidia driver enroll at boot, try explicit nvidia driver inclusion in dracut command:
sudo rm -f /usr/lib/dracut/dracut.conf.d/99-nvidia-dracut.conf sudo dracut -fvv --add-drivers "nvidia nvidia-drm nvidia-modeset nvidia-uvm" sudo sync sudo reboot
If doing driver install from Nvidia downloaded driver. With Fedora we already did this with rpmfusion.
Use the credentials we created earlier to support secure boot. Answer βyesβ to installation of NVIDIA's 32-bit compatibility libraries, overwrite existing libglvnd files and automatic update of your X configuration file.
systemctl isolate multi-user.target sh NVIDIA-Linux-x86_64-440.82.run -s --module-signing-secret-key=/etc/pki/akmods/private/nvidia.key --module-signing-public-key=/etc/pki/akmods/certs/nvidia.crt reboot
If boot is not successful do:
systemctl restart systemd-logind reboot
When a kernel update is due you need to do the following:
So start with update and reboot:
dnf update reboot
Then log in again, open root shell and locate the previous install command:
history | grep NVIDIA
Here you get a list including the latest setup command in a line looking like this:
112 sh /home/user/Downloads/NVIDIA-Linux-x86_64-450.80.02.run -s --module-signing-secret-key=/etc/pki/akmods/private/nvidia.key --module-signing-public-key=/etc/pki/akmods/certs/nvidia.crt
Just re-run the command by typing the line number preceded by β!β:
!112
And have another reboot:
sync reboot
That should cover the update procedure.
When a kernel update is due you need to do the following:
If problems lets force module re-create and generate new initrd. Let it boot to text mode, wait and press alt-f2 and run:
sudo akmods --force --kernels "$(uname -r)" sudo dracut --force /boot/initramfs-$(uname -r).img $(uname -r) sudo reboot