|
|
|
|
|
|
by westurner
1019 days ago
|
|
|
NVIDIA GPU Linux kernel modules must be self-signed to work with SecureBoot enabled; they must be self-signed every time they're updated by an akmod package upgrade. So, it is necessary to remove the MS SecureBoot ~CApubkey and add the OS and local ~CApubkeys to the SecureBoot cert list with BIOS, and re-sign every module install|&build in order to work with NVIDIA (and probably also AMD?) in containers. It's necessary and a fair expectation that users will continue to be able to remove and add x86-64 SecureBoot bootloader signing keys. |
|
|