How to install NVIDIA drivers on Fedora Silverblue 43 (with Secure Boot)

Setting up NVIDIA drivers on an atomic desktop like Fedora Silverblue can be daunting, especially with Secure Boot enabled. In reality, it’s a straightforward, one-time process.

Overview

Since Fedora Silverblue is an atomic system with a read-only core, installing NVIDIA drivers involves “layering” them on top of the base OS using rpm-ostree. With Secure Boot enabled, the kernel refuses to load any driver that is not signed by a key it trusts, so you must create a signing key and register it with your computer’s UEFI firmware. Once this trust is established, the system can automatically sign the proprietary NVIDIA driver during installation and load it.

Guide

1. Update your system

Before layering packages, ensure your base system is up to date. We want to be running the latest kernel.

sudo rpm-ostree upgrade
# If updates were applied, reboot now:
systemctl reboot

2. Enable RPM Fusion

Fedora does not ship proprietary drivers, so we need to enable the RPM Fusion repositories (both free and non-free).

sudo rpm-ostree install \
    https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
    https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

Command sourced from the RPM Fusion Configuration Guide

3. Install build tools

To compile the NVIDIA kernel modules locally, we need specific build tools and the signing utilities for Secure Boot.

sudo rpm-ostree install kmodtool akmods openssl rpmdevtools mock

Important: You need to reboot after this step, unless you use --apply-live. Otherwise the commands below won’t work, as the tools aren’t present in the current environment.

4. Generate and import a Secure Boot key

We must create a cryptographic key to sign the drivers, then import it into shim.

Generate the key:

sudo kmodgenca -a

Import it:

sudo mokutil --import /etc/pki/akmods/certs/public_key.der

You will be asked to create a temporary password. Remember this! You will need it in the next step.

Process courtesy of roworu

5. Reboot & enroll key

Reboot your computer now.

systemctl reboot

Upon booting, you will see a blue screen labeled “Shim UEFI key management”. Think fast:

  1. Press any key to enter the menu.
  2. Select Enroll MOK.
  3. Select Continue.
  4. Select Yes.
  5. Enter the password you created in Step 4.
  6. Select Reboot.

If you miss this screen, the key won’t be trusted, and the driver will fail to load.

6. Install the NVIDIA drivers

Now that our signing key is enrolled, we can layer the actual drivers. This command installs the driver, CUDA libs, and hardware acceleration support.

sudo rpm-ostree install akmod-nvidia xorg-x11-drv-nvidia xorg-x11-drv-nvidia-cuda xorg-x11-drv-nvidia-cuda-libs libva-nvidia-driver.{i686,x86_64} xorg-x11-drv-nvidia-libs.{i686,x86_64}

It’s expected that this command takes some time to finish.

We also need to modify kernel arguments to prevent the open-source nouveau driver from conflicting with NVIDIA.

sudo rpm-ostree kargs --append=rd.driver.blacklist=nouveau --append=modprobe.blacklist=nouveau --append=rd.driver.blacklist=nova_core --append=modprobe.blacklist=nova_core

Sourced from RPM Fusion NVIDIA HOWTO

7. Final reboot

Reboot your system one last time to boot into the new deployment with the drivers installed.

Once logged in, verify the installation:

modinfo -F version nvidia
# Should return the driver version (e.g., 565.xx)

Have fun gaming!

Troubleshooting

If nvidia-smi returns an error, check if the key was enrolled correctly:

mokutil --list-enrolled

If you don’t see your key (often labeled with your username/hostname), repeat Steps 4 and 5.

You could also try reinstalling the drivers (step 6) and waiting at least 5 minutes before rebooting. Sometimes the kernel modules compile in the background.
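
The troubleshooting checks above can be combined into one triage script. This is an added example, not part of the original post or of any project's tooling: the function names diagnose, cert_cn and check_live are hypothetical, the certificate path is the one from Step 4, and matching the module's signer against the certificate's common name is an assumption of this example.

```shell
#!/bin/sh
# Added example: classify why the nvidia module will not load under Secure Boot.
# diagnose() takes raw command output as arguments so it can be tested offline.

AKMODS_CERT=/etc/pki/akmods/certs/public_key.der   # certificate from Step 4

# Extract the common name from `openssl x509 -subject -nameopt multiline` (stdin).
cert_cn() {
    sed -n 's/^ *commonName *= *//p'
}

# diagnose SB_STATE TEST_KEY MODULE_SIGNER CERT_CN -> prints one verdict word
diagnose() {
    case "$1" in
        *"SecureBoot enabled"*) ;;
        *) echo "secure-boot-off"; return 0 ;;    # module signatures not required
    esac
    case "$2" in
        *"is already enrolled"*) ;;
        *) echo "key-not-enrolled"; return 1 ;;   # repeat Steps 4 and 5
    esac
    if [ -z "$3" ]; then
        echo "module-missing-or-unsigned"         # akmods build may not be done
        return 1
    fi
    if [ "$3" != "$4" ]; then
        echo "signed-by-other-key"                # signer is not the enrolled cert
        return 1
    fi
    echo "ok"
}

# Gather the real values on the machine and classify them.
check_live() {
    cn=$(openssl x509 -inform DER -in "$AKMODS_CERT" -noout \
             -subject -nameopt multiline | cert_cn)
    diagnose "$(mokutil --sb-state 2>&1)" \
             "$(mokutil --test-key "$AKMODS_CERT" 2>&1)" \
             "$(modinfo -F signer nvidia 2>/dev/null)" "$cn"
}

# Constructed sample run; pass --live to query the real system instead.
if [ "${1:-}" = "--live" ]; then
    check_live
else
    diagnose "SecureBoot enabled" "$AKMODS_CERT is not enrolled" "" "" || true
fi
```

A verdict of key-not-enrolled points back to Steps 4 and 5, while module-missing-or-unsigned usually means the background build from Step 6 has not finished.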

This post is licensed under CC BY 4.0 by the author.
