Nvidia Driver Installation with Secure Boot Support
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
Summary
Nvidia Drivers have been removed from GNOME Software because it didn't support Secure Boot which is increasingly often enabled. This change brings the option back for Fedora Workstation users with Secure Boot supported.
Owner
- Name: Jiří Eischmann
- Name: Milan Crha
- Email: eischmann@redhat.com
- Email: mcrha@redhat.com
Current status
- Targeted release: Fedora Linux 41
- Last updated: 2024-06-19
- Announced
- Discussion Thread
- FESCo issue:
- Tracker bug:
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
The goal of this change is to provide an easy way to install Nvidia drivers in Fedora Workstation. It was removed from GNOME Software because the original mechanism didn't support Secure Boot. When users installed the drivers with Secure Boot enabled, they could not boot the OS. What we're doing this time is using mokutil to create a key for the user to self-sign the drivers. When installing the drivers, the user is asked to provide a password for the key. On the next reboot the user is presented with the mokutil interface to enroll the key.
See the upstream merge request for more details and screenshots.
Feedback
Benefit to Fedora
The Nvidia drivers are necessary not only for gaming, but especially for CUDA and AI/LLM workloads. The Nvidia drivers can't be part of Fedora because of their license, but Fedora should offer an easy installation of them to stay relevant in the respective fields.
Scope
- Proposal Owners: The feature will be implemented in GNOME Software 47 and will be shipped in the gnome-software package in Fedora Linux 41.
- Other Developers: No work required from other Fedora developers. The only requirement outside of the scope of the proposal owners is to reintroduce AppStream metadata into the Nvidia driver repo on RPMFusion.org.
- Release Engineering:
- Policies and Guidelines:
- Trademark approval:
- Alignment with Community Initiatives:
Upgrade/compatibility impact
No impact is expected.
How To Test
1. Open GNOME Software.
2. Search for "nvidia".
3. Choose the Nvidia driver, click Install and follow the prompts.
4. Reboot and enroll the self-signing key in the mokutil tool following <<the documentation will be added>>
5. The OS should boot up with the Nvidia driver enabled.
User Experience
This change aims to improve user experience of installing the proprietary Nvidia driver.
Contingency Plan
If the feature is not implemented on time for Fedora Linux 41, we can simply remove AppStream metadata from the Nvidia driver repo and the driver will not show up in GNOME Software like in Fedora Linux 40.
Documentation
The GNOME Software part is intuitive and doesn't require documentation. The mokutil part is less intuitive and will be documented in the Fedora Workstation section on docs.fedoraproject.org. The docs are available in the Quick Docs: https://docs.fedoraproject.org/en-US/quick-docs/mok-enrollment/