Yuan Yijun (bbbush) wrote,
Yuan Yijun

Installed nvidia driver

Since Fedora 28 wayland is crashing for me (Dell m4700 with external monitor), I got some time to try the nvidia GPU driver. At first I looked at https://www.if-not-true-then-false.com/2015/fedora-nvidia-guide/ which shows the actual output when installed: in "About" page it will show the nvidia card name. Then since it is easier to install from RPM Fusion, I followed https://rpmfusion.org/Howto/NVIDIA. The document is concise but helpful. For example, when it says "Secure Boot" has issue, then it is best turned off in BIOS. For another example, when it says "Wayland" has issue and must install something from Copr, indeed that is the case. Also the "grubby" command to update kernel command line is helpful too.

I followed another article https://gorka.eguileor.com/vbox-vmware-in-secureboot-linux/ to sign the modules. First create a key, then register the key to UEFI, I never did this before. I cannot find the keyring ".system_keyring" but /proc/keys shows something else.

[root@m4700 ~]# cat /proc/keys |grep trust
086fc70c I------     2 perm 1f0b0000     0     0 keyring   .builtin_trusted_keys: 1
3a3ece32 I------     1 perm 1f0f0000     0     0 keyring   .secondary_trusted_keys: 6
[root@m4700 ~]# keyctl list %:.secondary_trusted_keys
6 keys in keyring:
141543180: ---lswrv     0     0 keyring: .builtin_trusted_keys
519723937: ---lswrv     0     0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42
425639263: ---lswrv     0     0 asymmetric: m4700: e9b8a7dceb32dbad7203e4f126927614ef8d749f
366180860: ---lswrv     0     0 asymmetric: vbox sining key: 71bb96ac139d95a88e376b3549f18b5b6e7a6731
511921353: ---lswrv     0     0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
711259049: ---lswrv     0     0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53
[root@m4700 ~]# keyctl list %:.builtin_trusted_keys
1 key in keyring:
914482814: ---lswrv     0     0 asymmetric: Fedora kernel signing key: 2285ad1ee22995954b75925873d046bfaab640a0

Run "akmods" to build modules. There used to have an error "systemd-modules-load" but after all modules are signed, reboot and the modules seem to load properly.

# rpm -qa | grep ^kmod | xargs rpm -ql | grep .ko$ | xargs -l /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der

I don't know after a new kernel is installed, how much will break. Need to build modules again, sign them and update grub?

edit: updated a kernel and the packages are built automatically. I only need to sign it and it seems grub is fine, may need to rebuilt dracut image to get rid of the early load kernel module warning.

edit: single line script

# uname_r=$(rpm -q --qf="%{VERSION}-%{RELEASE}.%{ARCH}\n" kernel | sort -V | tail -n 1); akmods --kernel $uname_r; rpm -qa kmod-* |
  xargs -l rpm -ql |grep .ko$ |
  xargs -l /usr/src/kernels/${uname_r}/scripts/sign-file sha256 ./MOK.priv ./MOK.der && dracut --kver $uname_r -f

Tags: fedora, 小东西

  • 看了变形金刚

    * 广告 * 姑妄言之,姑妄听之。原始的能量不一定就是 恶 的能量 * 视角问题,很多东西需要故意安排得不成比例 * 被掐掉了很多细节,方块到哪儿去了? <= 谁让我看的是 天威在线 的视频 :( <= 假如全长的版本也看不清楚就太过分了 *…

  • BP 1st year

    Basic Program is a reading program from UChicago. The information can be found here [1] and currently it is open for signing up for the next year…

  • 2020

    Last time I wrote a review was in 2018, about 2017. Or maybe I wrote something elsewhere, maybe on Twitter? It was hard to write something freely…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded