Loading keys to system key ring

Hello Folks,

I’m trying to sign my nvidia drivers and generated a public and private key as mentioned in the Fedora documentation.
I also enrolled it and signed the kernel at installation of nvidia drivers, but I think the key won’t load into the system key ring.

sudo keyctl list %:.builtin_trusted_keys

looks like this:

1 key in keyring:
161775595: ---lswrv 0 0 asymmetric: Fedora kernel signing key…

and

sudo keyctl list %:.secondary_trusted_keys

looks like this:

2 keys in keyring:
435001795: ---lswrv 0 0 keyring: .builtin_trusted_keys
623612370: ---lswrv 0 0 keyring: .machine

So it looks like my key won’t load into the key ring, but I don’t get why.
(Secure boot is enabled)

Can anyone help me please?

Thank you in advance!

Check the output:

mokutil --sb-state; sudo mokutil -t /etc/pki/akmods/certs/public_key.der

See also: Enrolling MOK certs

For modules built by akmods, like the nvidia drivers, the steps in /usr/share/doc/akmods/README.secureboot are all that are required to properly sign the modules and enable bios to verify them.

The command kmodgenca that is given in that readme creates the file referenced by Vladislav above.

Note that if secure boot is enabled, the enrolled key is checked against the module; if secure boot is disabled, the module is not checked.

Hey, thank you both for your fast reply!

Sorry, I think I was a bit unclear.
I need to use the official nvidia driver from their website, because of Davinci Resolve, so I made my own keys using openssl.

sudo mokutil --list-enrolled

is also listing my key and if I test it with:

sudo mokutil --test-key /etc/pki/ca-trust/source/anchors/nvidia-public-key.der

Output is:

/etc/pki/ca-trust/source/anchors/nvidia-public-key.der is already enrolled

So it’s definitely enrolled…

Omg, I found the issue!
It’s not my fault but, I think, Nvidia’s?

Problem is, all modules were installed to /lib/modules/6.2.9-200.fc37.x86_64/extra/
But if Fedora tries to start the modules, it looks at /lib/modules/6.2.9-200.fc37.x86_64/kernel/drivers/video/

So I simply copied all modules to this folder and it works, also after a restart.

What the heck :smile:

I’m not sure if it’s a problem of Fedora not looking at the right folders, or of Nvidia.
Maybe I can report this issue to one of them.

(but the key is still not listed in builtin_trusted_keys and secondary_trusted_keys :thinking:)

You probably missed:

sudo depmod -a

Using DKMS or akmods should automate the process.


Agree.

It might have helped if the Fedora documentation mentioned the use of dkms to install 3rd party drivers from source. For someone who has never built modules from source, the need for depmod is well-hidden:

The above-mentioned documentation is Fedora-specific, and refers to Module HOWTO, which is a more generic Linux document.
depmod gets mentioned in the list of modutils programs under LKM Utilities as:

depmod

    Determine interdependencies between LKMs.
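
Added example (not part of the thread, and not Fedora or NVIDIA code): a shell check for the situation found above, where modules placed in extra/ are not resolved until depmod -a regenerates modules.dep. The helper names unindexed_modules and make_demo_tree and the sample tree are constructed for illustration; the check assumes modules.dep holds paths relative to the module tree.

```shell
#!/bin/sh
# Added example: list module files that exist under a module tree but have
# no entry in modules.dep, which is the state "depmod -a" repairs.
# unindexed_modules and make_demo_tree are hypothetical helper names.

unindexed_modules() {
    moddir=${1%/}                      # e.g. /lib/modules/$(uname -r)
    if [ ! -r "$moddir/modules.dep" ]; then
        echo "no readable modules.dep in $moddir" >&2
        return 2
    fi
    # Assumption: modules.dep uses paths relative to the module tree,
    # one "path: dependencies..." line per module, as kmod's depmod writes.
    missing=$(
        cd "$moddir" &&
        find . -type f \( -name '*.ko' -o -name '*.ko.xz' \
                       -o -name '*.ko.zst' -o -name '*.ko.gz' \) |
        sed 's|^\./||' | sort |
        while IFS= read -r rel; do
            cut -d: -f1 modules.dep | grep -qxF -- "$rel" ||
                printf '%s\n' "$rel"
        done
    )
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1                           # at least one module is not indexed
}

# Constructed sample tree (empty placeholder files, not real modules):
# one indexed module and one dropped into extra/ without running depmod.
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/kernel/drivers/video" "$demo/extra"
    : > "$demo/kernel/drivers/video/indexed.ko.xz"
    : > "$demo/extra/nvidia.ko"
    printf '%s\n' 'kernel/drivers/video/indexed.ko.xz:' > "$demo/modules.dep"
    printf '%s\n' "$demo"
}
```

On a real system, call unindexed_modules "/lib/modules/$(uname -r)"; any path it prints is a module that modprobe cannot resolve until sudo depmod -a has been run.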