No edit summary |
|||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 2: | Line 2: | ||
= Nvidia Driver Installation with Secure Boot Support = | = Nvidia Driver Installation with Secure Boot Support = | ||
{{Change_Proposal_Banner}} | |||
== Summary == | == Summary == | ||
Nvidia Drivers have been removed from GNOME Software because it didn't support Secure Boot which is increasingly often enabled. This change brings the option back with Secure Boot supported. | Nvidia Drivers have been removed from GNOME Software because it didn't support Secure Boot which is increasingly often enabled. This change brings the option back for Fedora Workstation users with Secure Boot supported. | ||
== Owner == | == Owner == | ||
| Line 20: | Line 21: | ||
== Current status == | == Current status == | ||
[[Category: | [[Category:ChangeAnnounced]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | ||
| Line 36: | Line 37: | ||
ON_QA -> change is fully code complete | ON_QA -> change is fully code complete | ||
--> | --> | ||
* Announced | * [https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org/thread/KT65NV5T26TUHOBIPZ3Z6NRXWRY6TDRL/ Announced] | ||
* Discussion Thread | * [https://discussion.fedoraproject.org/t/f41-change-proposal-nvidia-driver-installation-with-secure-boot-support-self-contained/120330 Discussion Thread] | ||
* FESCo issue: | * FESCo issue: | ||
* Tracker bug: | * Tracker bug: | ||
| Line 44: | Line 45: | ||
== Detailed Description == | == Detailed Description == | ||
<!-- Expand on the summary, if appropriate. A couple sentences suffices to explain the goal, but the more details you can provide the better. --> | <!-- Expand on the summary, if appropriate. A couple sentences suffices to explain the goal, but the more details you can provide the better. --> | ||
The goal | The goal of this change is to provide an easy way to install Nvidia drivers in Fedora Workstation. It was removed from GNOME Software because the original mechanism didn't support Secure Boot. When users installed the drivers with Secure Boot enabled, they could not boot the OS. | ||
What we're doing this time is using mokutil to create a key for the user to self-sign the drivers. When installing the drivers, the user is asked to provide a password for the key. On the next reboot the user is presented with the mokutil interface to enroll the key. | What we're doing this time is using mokutil to create a key for the user to self-sign the drivers. When installing the drivers, the user is asked to provide a password for the key. On the next reboot the user is presented with the mokutil interface to enroll the key. | ||
| Line 75: | Line 76: | ||
== How To Test == | == How To Test == | ||
1. Open GNOME Software. | 1. Open GNOME Software.<br> | ||
2. | 2. Search for "nvidia".<br> | ||
3. Choose the Nvidia driver, click Install and follow the prompts. | 3. Choose the Nvidia driver, click Install and follow the prompts.<br> | ||
4. Reboot and enroll the self-signing key in the mokutil tool following <<the documentation will be added>> | 4. Reboot and enroll the self-signing key in the mokutil tool following <<the documentation will be added>><br> | ||
5. The OS should boot up with the Nvidia driver enabled. | 5. The OS should boot up with the Nvidia driver enabled.<br> | ||
== User Experience == | == User Experience == | ||
| Line 89: | Line 90: | ||
== Documentation == | == Documentation == | ||
The GNOME Software part is intuitive and doesn't require documentation. The mokutil part is less intuitive and will be documented in the Fedora Workstation section on docs.fedoraproject.org. The docs | The GNOME Software part is intuitive and doesn't require documentation. The mokutil part is less intuitive and will be documented in the Fedora Workstation section on docs.fedoraproject.org. The docs are available in the Quick Docs: https://docs.fedoraproject.org/en-US/quick-docs/mok-enrollment/ | ||
== Release Notes == | == Release Notes == | ||
Revision as of 11:32, 19 June 2024
Nvidia Driver Installation with Secure Boot Support
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
Summary
Nvidia Drivers have been removed from GNOME Software because it didn't support Secure Boot which is increasingly often enabled. This change brings the option back for Fedora Workstation users with Secure Boot supported.
Owner
- Name: Jiří Eischmann
- Name: Milan Crha
- Email: eischmann@redhat.com
- Email: mcrha@redhat.com
Current status
- Targeted release: Fedora Linux 41
- Last updated: 2024-06-19
- Announced
- Discussion Thread
- FESCo issue:
- Tracker bug:
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
The goal of this change is to provide an easy way to install Nvidia drivers in Fedora Workstation. It was removed from GNOME Software because the original mechanism didn't support Secure Boot. When users installed the drivers with Secure Boot enabled, they could not boot the OS. What we're doing this time is using mokutil to create a key for the user to self-sign the drivers. When installing the drivers, the user is asked to provide a password for the key. On the next reboot the user is presented with the mokutil interface to enroll the key.
See the upstream merge request for more details and screenshots.
Feedback
Benefit to Fedora
The Nvidia drivers are necessary not only for gaming, but especially for CUDA and AI/LLM workloads. The Nvidia drivers can't be part of Fedora because of their license, but Fedora should offer an easy installation of them to stay relevant in the respective fields.
Scope
- Proposal Owners: The feature will be implemented in GNOME Software 47 and will be shipped in the gnome-software package in Fedora Linux 41.
- Other Developers: No work required from other Fedora developers. The only requirement outside of the scope of the proposal owners is to reintroduce AppStream metadata into the Nvidia driver repo on RPMFusion.org.
- Release Engineering:
- Policies and Guidelines:
- Trademark approval:
- Alignment with Community Initiatives:
Upgrade/compatibility impact
No impact is expected.
How To Test
1. Open GNOME Software.
2. Search for "nvidia".
3. Choose the Nvidia driver, click Install and follow the prompts.
4. Reboot and enroll the self-signing key in the mokutil tool following <<the documentation will be added>>
5. The OS should boot up with the Nvidia driver enabled.
User Experience
This change aims to improve user experience of installing the proprietary Nvidia driver.
Contingency Plan
If the feature is not implemented on time for Fedora Linux 41, we can simply remove AppStream metadata from the Nvidia driver repo and the driver will not show up in GNOME Software like in Fedora Linux 40.
Documentation
The GNOME Software part is intuitive and doesn't require documentation. The mokutil part is less intuitive and will be documented in the Fedora Workstation section on docs.fedoraproject.org. The docs are available in the Quick Docs: https://docs.fedoraproject.org/en-US/quick-docs/mok-enrollment/