I’ve been using Fedora for the best part of 4 months now, and one of the only gripes I had with the distro is that there wasn’t a way to automatically sign the NVIDIA kernel modules after each update, so users like me needed to either disable secure boot (which I could do, but didn’t want to because I’m stubborn and managed to make it work in every other distro I used) or manually sign the kernel modules after each driver and kernel update (which I made easier with a small script, but it still required basically two reboots and a bit of time).
Not. Anymore.
The process is made dead simple with the signed versions of kmodtool and akmods provided by Elia’s COPR repos. Just follow the guide and boom, you’re done. It’ll take less than 5 minutes.
The only catch is that, if you already have a kmod built for your kernel version you’ll have to rebuild it or uninstall the NVIDIA drivers and then reinstall them, which will do the same thing.
And now for the news.
The process gets even simpler in Fedora 36!
The patches applied to these packages in the COPR repos are merged upstream and will (if all goes well) be there with 36’s release (the related Bugzilla was closed for Rawhide last December, so all you’ll need to do is generate, sign and enroll your keys and then move them to the right location before installing the NVIDIA drivers / rebuilding your kmod modules.
I decided to make this PSA because I literally found their blog post by accident after 4 months of looking for a way to do this, so at least now more people will be aware of it.
Im done with NVIDIA, the overall support for Optimus cards. Im tired of dealing with it. Waiting for a nice Ryzen APU laptop. No more dual GPUs.
This post needs more attention; the number of guides and people i see online that claim this is still not possible easily or suggest disabling secureboot.
Just a heads up: be sure to encrypt your root directory if you do this. If you don’t someone with access to to the drive can extract the keys, sign their own code and bypass secureboot
