UPDATE: added kernel update notes

Just did this myself and wrote it down here. How to get your NVidia card working with NVidia drivers using UEFI secure boot. A compact list of commands to execute.

lcpci | grep -i nvidia

Identify model and download latest Linux drivers from NVidia.

Make a certificate, import it and reboot. We will use this key/cert with NVidia driver installer.

openssl req -new -x509 -newkey rsa:2048 -keyout /etc/pki/tls/private/nvidia.key -outform DER -out /etc/pki/tls/certs/nvidia.crt -nodes -days 36500 -subj "/CN=Graphics Drivers"
mokutil --import /etc/pki/tls/certs/nvidia.crt 
dnf groupinstall "Development Tools"
dnf install libglvnd-devel elfutils-libelf-devel

This should be enough for latest CentOS / RHEL 8:

grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) nouveau.modeset=0"

The old way is to edit /etc/default/grub to add nouveau.modeset=0 in the end of line CRUBCMDLINELINUX so it looks like this:

GRUB_CMDLINE_LINUX="crashkernel=auto <stuff deleted from here> nomodeset quiet nouveau.modeset=0"

Feel free to do it since it makes no harm. Next make grub config:


Disable nouveau module by creating vim /etc/modprobe.d/nvidia.conf and adding:

blacklist nouveau
options nouveau modeset=0

And running:

dracut --force

Use the credentials we created earlier to support secure boot. Answer β€œyes” to installation of NVIDIA's 32-bit compatibility libraries, overwrite existing libglvnd files and automatic update of your X configuration file.

systemctl isolate
sh -s --module-signing-secret-key=/etc/pki/tls/private/nvidia.key --module-signing-public-key=/etc/pki/tls/certs/nvidia.crt 

If boot is not successful do:

systemctl restart systemd-logind

When a kernel update is due you need to do the following:

  • Update kernel (and other packages)
  • Reboot
  • Run the previous NVIDIA install command
  • Reboot

So start with update and reboot:

dnf update

Then log in again, open root shell and locate the previous install command:

history | grep NVIDIA

Here you get a list including the latest setup command in a line looking like this:

112  sh /home/user/Downloads/ -s --module-signing-secret-key=/etc/pki/tls/private/nvidia.key --module-signing-public-key=/etc/pki/tls/certs/nvidia.crt

Just re-run the command by typing the line number preceded by β€œ!”:


And have another reboot:


That should cover the update procedure.

All comments and corrections are welcome.

  • tips_and_howtos/nvidia_to_centos.txt
  • Last modified: 2021/10/24 13:51
  • (external edit)