UPDATE: added kernel update notes

Just did this myself and wrote it down here. How to get your NVidia card working with NVidia drivers using UEFI secure boot. A compact list of commands to execute.

lcpci | grep -i nvidia

Identify model and download latest Linux drivers from NVidia.

Make a certificate, import it and reboot. We will use this key/cert with NVidia driver installer.

openssl req -new -x509 -newkey rsa:2048 -keyout /etc/pki/tls/private/nvidia.key -outform DER -out /etc/pki/tls/certs/nvidia.crt -nodes -days 36500 -subj "/CN=Graphics Drivers"
mokutil --import /etc/pki/tls/certs/nvidia.crt 
sync
reboot

dnf groupinstall "Development Tools"
dnf install libglvnd-devel elfutils-libelf-devel

This should be enough for latest CentOS / RHEL 8:

grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) nouveau.modeset=0"

The old way is to edit /etc/default/grub to add nouveau.modeset=0 in the end of line CRUBCMDLINELINUX so it looks like this:

GRUB_CMDLINE_LINUX="crashkernel=auto <stuff deleted from here> nomodeset quiet nouveau.modeset=0"

Feel free to do it since it makes no harm. Next make grub config:

grub2-mkconfig

Disable nouveau module by creating vim /etc/modprobe.d/nvidia.conf and adding:

blacklist nouveau
options nouveau modeset=0

And running:

dracut --force
sync
reboot

Use the credentials we created earlier to support secure boot. Answer “yes” to installation of NVIDIA's 32-bit compatibility libraries, overwrite existing libglvnd files and automatic update of your X configuration file.

systemctl isolate multi-user.target
sh NVIDIA-Linux-x86_64-440.82.run -s --module-signing-secret-key=/etc/pki/tls/private/nvidia.key --module-signing-public-key=/etc/pki/tls/certs/nvidia.crt 
reboot

If boot is not successful do:

systemctl restart systemd-logind
reboot

When a kernel update is due you need to do the following:

• Update kernel (and other packages)
• Reboot
• Run the previous NVIDIA install command
• Reboot

So start with update and reboot:

dnf update
reboot

Then log in again, open root shell and locate the previous install command:

history | grep NVIDIA

Here you get a list including the latest setup command in a line looking like this:

112  sh /home/user/Downloads/NVIDIA-Linux-x86_64-450.80.02.run -s --module-signing-secret-key=/etc/pki/tls/private/nvidia.key --module-signing-public-key=/etc/pki/tls/certs/nvidia.crt

Just re-run the command by typing the line number preceded by “!”:

!112

And have another reboot:

sync
reboot

That should cover the update procedure.

All comments and corrections are welcome.