NVIDIA and Red Hat have partnered to bring continued improvements to the precompiled NVIDIA Driver introduced in 2020. Last month, NVIDIA announced that the open GPU driver modules will become the default recommended way to enable NVIDIA graphics hardware.
Today, NVIDIA announced that Red Hat is now compiling and signing the NVIDIA open GPU kernel modules to further streamline the usage for the Red Hat Enterprise Linux 9 OS and to provide a way forward for supporting Confidential Computing with NVIDIA hardware in the datacenter.
The signed open GPU drivers can now be installed and used without any extra key enrollment configuration. As with the current legacy precompiled packages, only the latest RHEL 9 kernel is supported at the time of the driver update.
Starting with RHEL 9.5, NVIDIA now offers a tech preview repository available for trial until April 30, 2025. This repository enables the usage of the open GPU driver and legacy driver (with caveats) using modularity streams.
After the tech preview ends, the signed kernel modules will be available in the NVIDIA Compute package repositories with the rest of the CUDA platform: CUDA-X acceleration libraries, CUDA-optimized applications, and frameworks.
For more information about modularity streams and how they work with the precompiled graphics driver, see Streamlining NVIDIA Driver Deployment on RHEL 8 with Modularity Streams.
Activating the tech preview
To use the signed NVIDIA open GPU driver modules, make sure that the Red Hat repositories are enabled, including RHEL9 AppStream, RHEL9 BaseOS, and RHEL9 CRB:
$ subscription-manager repos --enable=rhel-9-for-x86_64-appstream-rpms
$ subscription-manager repos --enable=rhel-9-for-x86_64-baseos-rpms
$ subscription-manager repos --enable=codeready-builder-for-rhel-9-x86_64-rpms
Add the CUDA network repository:
$ sudo dnf config-manager --add-repo=https://developer.download.nvidia.com/compute/cuda/preview/repos/rhel9/x86_64/
When the tech preview repository is activated, view the supported modularity streams:
$ dnf module list nvidia-driver
The tech preview provides the following new modularity streams:
latest-open-gpu<driver_version>-open-gpu
Install the latest stream to opt into the signed precompiled packages:
$ sudo dnf module install nvidia-driver:latest-open-gpu
Reboot and enjoy!
Important caveat with the tech preview repository
The legacy precompiled driver is also listed in the modularity streams:
nvidia-driver:latestnvidia-driver:latest-<major_version>nvidia-driver:<major_version>
These drivers have been signed by NVIDIA and require signing key enrollment. They install just fine without any warnings but upon reboot the NVIDIA graphics driver will not be available:
$ nvidia-smi
NVIDIA-SMI has failed because it couldn't communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running.
Upon further inspection, the problem becomes clear:
# insmod /usr/lib/modules/5.14.0-503.16.1.el9_4.x86_64/extra/drivers/video/nvidia/nvidia.ko
insmod: ERROR: could not insert module /usr/lib/modules/5.14.0-503.16.1.el9_4.x86_64/extra/drivers/video/nvidia/nvidia.ko: Key was rejected by service
This happens because secure boot is enabled by default:
$ sudo mokutil --sb-state
SecureBoot enabled
This module has been signed by NVIDIA using a key that is not in the chain of trust:
$ modinfo /usr/lib/modules/5.14.0-503.16.1.el9_4.x86_64/extra/drivers/video/nvidia/nvidia.ko | grep signer
signer: NVIDIA
For more information about enrolling the NVIDIA signing key with mokutil, see UEFI Secure Boot on GitHub.
Installation
Install the tech preview repository on a host with secure boot enabled:
$ sudo dnf config-manager --add-repo=https://developer.download.nvidia.com/compute/cuda/preview/repos/rhel9/x86_64/
$ sudo dnf module install nvidia-driver:latest-open-gpu
$ sudo reboot
If you discover any issues with packaging, please report those problems to github.com/NVIDIA/yum-packaging-precompiled-kmod/issues.
This repository will be active until March 31, 2025.
Summary
Now with signed packages from NVIDIA and Red Hat, secure boot with NVIDIA on RHEL 9 is even better. You can look forward to more developments in this space.
The driver source code is available in the /NVIDIA/open-gpu-kernel-modules GitHub repo.
Packaging templates and instructions are provided on GitHub to enable you to maintain your own precompiled kernel module packages for custom kernels and derivative Linux distros:
To give feedback, send comments or report driver bugs. If you are not already a member, join the NVIDIA Developer Program.
