Create an option to generate cert and sign nvidia kernel modules on secure boot #107
Comments
MysterHawk
changed the title
|
Thank you for reaching out with a feature request. Unfortunately, these steps are, to a great extent, subjective to the kernel which is installed on the user's device at a certain point in time - which would mean that these need to be run every after a kernel update as the secure boot signing would break in the absence of the older kernel where the sign was available. As much as I think that implementing this feature is well within the scope of the project, I also believe that this would lead to users making undue modifications to their system that they probably would have no idea about as this tool is targetted towards those who want to get things done quickly without looking into the technical aspect of it all. Technically-abled users should be able to find their way to mentioned guide on the RPM Fusion docs (i.e. https://rpmfusion.org/Howto/Secure%20Boot) and follow through the process by themselves. At the same time, I like to think that the users who are not very tech-savvy would not be bothered much by having the secure boot turned off, in my honest opinion. I am curious to know what you think. |
|
Sorry for the late answer @t0xic0der , It is true that this feature request is a bit more advanced that the others functionality of your application, but in a UEFI system your method to install nvidia drivers won't work, the users won't be able to understand withouth a bit of research what happend on the first boot (kernel modules not loaded...), I think that atleast for the UEFI user a warning is needed when the nvidia auto installer is launched, to explain briefly what needs to be done to make the uefi installation work, in my opinion after that an option to automate this would be pretty neet :) You only need to to this onetime, after that the system will sign automatically the driver updated for what I understand. nowadays have the secureboot enabled is a must unfortunately, if you are using windows 11 in dualboot windows will require it to work properly. |
|
@t0xic0der today secureboot option is works fine and we can present 2 options to users
THE reason I want this because "It is better sign your PC first and install next" otherwise you have to extra steps so that is why I think we need to make sure it is there and works fine" I tested a lot of times. Having sign first better because "other kmod drivers" also automatically works as well. |
No they don't (akmod keeps them updated) so it is VERY EASY |
Hi!
I've noticed a bug, the program is almost perfect but if I can add one thing, if you install the nvidia drivers and you have secure boot enabled, you will not be able to load nvidia kernel modules on boot, you have to sign them with a self generated certs that prove that those modules can be trusted.
This is the phrase that I would get on boot:
nvidia kernel module missing falling back to nouveau
I followed these steps to resolve the issue:
(the steps are taken from this answer https://ask.fedoraproject.org/t/installing-nvidia-drivers-on-a-fedora-36-in-dual-boot-with-windows-11-with-secure-boot-enabled/21532)
It would be nice to have implemented this feature :)
The text was updated successfully, but these errors were encountered: