Yuan Yijun (bbbush) wrote,
Yuan Yijun

Installed nvidia driver

Since Fedora 28 wayland is crashing for me (Dell m4700 with external monitor), I got some time to try the nvidia GPU driver. At first I looked at https://www.if-not-true-then-false.com/2015/fedora-nvidia-guide/ which shows the actual output when installed: in "About" page it will show the nvidia card name. Then since it is easier to install from RPM Fusion, I followed https://rpmfusion.org/Howto/NVIDIA. The document is concise but helpful. For example, when it says "Secure Boot" has issue, then it is best turned off in BIOS. For another example, when it says "Wayland" has issue and must install something from Copr, indeed that is the case. Also the "grubby" command to update kernel command line is helpful too.

I followed another article https://gorka.eguileor.com/vbox-vmware-in-secureboot-linux/ to sign the modules. First create a key, then register the key to UEFI, I never did this before. I cannot find the keyring ".system_keyring" but /proc/keys shows something else.

[root@m4700 ~]# cat /proc/keys |grep trust
086fc70c I------     2 perm 1f0b0000     0     0 keyring   .builtin_trusted_keys: 1
3a3ece32 I------     1 perm 1f0f0000     0     0 keyring   .secondary_trusted_keys: 6
[root@m4700 ~]# keyctl list %:.secondary_trusted_keys
6 keys in keyring:
141543180: ---lswrv     0     0 keyring: .builtin_trusted_keys
519723937: ---lswrv     0     0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42
425639263: ---lswrv     0     0 asymmetric: m4700: e9b8a7dceb32dbad7203e4f126927614ef8d749f
366180860: ---lswrv     0     0 asymmetric: vbox sining key: 71bb96ac139d95a88e376b3549f18b5b6e7a6731
511921353: ---lswrv     0     0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
711259049: ---lswrv     0     0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53
[root@m4700 ~]# keyctl list %:.builtin_trusted_keys
1 key in keyring:
914482814: ---lswrv     0     0 asymmetric: Fedora kernel signing key: 2285ad1ee22995954b75925873d046bfaab640a0

Run "akmods" to build modules. There used to have an error "systemd-modules-load" but after all modules are signed, reboot and the modules seem to load properly.

# rpm -qa | grep ^kmod | xargs rpm -ql | grep .ko$ | xargs -l /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der

I don't know after a new kernel is installed, how much will break. Need to build modules again, sign them and update grub?

edit: updated a kernel and the packages are built automatically. I only need to sign it and it seems grub is fine, may need to rebuilt dracut image to get rid of the early load kernel module warning.

edit: single line script

# uname_r=$(rpm -q --qf="%{VERSION}-%{RELEASE}.%{ARCH}\n" kernel | sort -V | tail -n 1); akmods --kernel $uname_r; rpm -qa kmod-* |
  xargs -l rpm -ql |grep .ko$ |
  xargs -l /usr/src/kernels/${uname_r}/scripts/sign-file sha256 ./MOK.priv ./MOK.der && dracut --kver $uname_r -f

Tags: fedora, 小东西

  • 2020

    Last time I wrote a review was in 2018, about 2017. Or maybe I wrote something elsewhere, maybe on Twitter? It was hard to write something freely…

  • Feedback letter to Peoples Gas[1]

    Credit report dispute. To whom it may concern: I called at around 5pm, and the receptionist cannot figure it out why I had a "late…

  • 循序渐进

    ZR 说,你教小宝滑雪,一定要让他先体会到乐趣,不然他不肯学的。于是他教了小宝很久,果然教会了,小宝玩得特开心。 DL 说,你跑步,一开始不要跑那么快,太累。保持自己的节奏,能一边跑一边说话是最好。跑得太累,以后就不愿意来跑了。 CC…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded