Nvidia, Silverblue, and Secure Boot

I was able to get the NVIDIA proprietary drivers working on Silverblue, but Secure Boot doesn’t seem to work.

I followed the steps here to import the generated key:

I see this in the logs:
systemd[1]: akmods.service - Builds and install new kmods from akmod packages was skipped because of a failed condition check (ConditionPathExists=!/run/ostree-booted).

With respect to Silverblue, when in the install process was it expected for the kernel modules to be signed?
(I do see the generated key imported by mokutil)
Was it supposed to be part of the systemd process that seems to be disabled because it is running on Silverblue/ostree?

I see nvidia kernel modules here:
realpath nvidia.ko.xz
(on the ro partition /usr)

Is this kernel module not getting signed because it isn’t signed as part of building it in akmods?

Is the gap here because the expectation of the design of akmods is that it can sign the kernel as part of a systemd one-shot service, and that is fundamentally incompatible with the design of Fedora Silverblue’s read-only /usr partition?

Some breadcrumbs I found researching this:


This is currently tracked in fedora-silverblue/issue-tracker Issue #272, "[BUG] Akmods does not sign compiled module when using rpm-ostree".