Closed LukeShortCloud closed 3 months ago
Enroll key in MOK
Download the X.509 certificate public key
note: skip this step if using your own certificate
[NVIDIA 2019 for RHEL8](https://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/NVIDIA2019-public_key.der): NVIDIA2019-public_key.der
[See table](https://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/precompiled/) for supported kmod packages
Key is subject to change in a future release
mokutil
$ sudo mokutil --import *public_key.der
note: you will be asked to create a new password (between 1-256 characters)
$ sudo mokutil --list-new | grep Issuer
note: the key to be enrolled should be listed
UEFI environment
On the next reboot, the MOK management interface will load.
UEFI enroll in MOK
Press a key to continue.
Select enroll MOK
Select view key
Confirm the key is correct
Select yes to enroll the key into db
Input the password created from the mokutil step
Select reboot
The NVIDIA kernel modules will load
This allows for self-signed kernels and kernel modules to be trusted as part of the secure boot process.
https://github.com/NVIDIA/yum-packaging-precompiled-kmod/blob/main/UEFI.md