On the other hand, why has nvidia made this so painful? Why should Fedora have to bend over backwards to deal with this one oddball driver? Why aren't you giving this complaint to nvidia instead of saying Fedora is harming their users?

I've been keeping an eye on Fedora Pagure # 155 and Red Hat Bugzilla # 1454824, but some of the off-topic comments in the recent "Deprecate Legacy BIOS" discussion did not encourage me that this process will be streamlined in Fedora anytime soon (I am aware of, and have used, the unofficial Copr repos for Fedora and EL, but I would like to see Fedoraland integrate that approach[1] or come up with something more elegant); if anything, I detected what could be construed as underlying disregard, if not disdain, from some towards Nvidia GPU owners (granted, Fedora users who own Nvidia GPUs are a minority, but not a fringe minority). At the time I was in the market, AMD was not a performant option for my needs, and I won't be returning to the market anytime soon; here is my apology to the Fedora Project and humanity for making what was at the time a sound purchasing decision. Perhaps I am no longer a good fit for Fedora, as I'm at a stage where taking extra steps to achieve expected functionality has largely lost its appeal. I hope this doesn't lead to a similar, though less widespread, situation as experienced when SELinux was more of an annoyance many years ago (and thus it was not uncommon to see people advise disabling SELinux), i.e. 'if you have an Nvidia GPU and want to jump through as few hoops as possible when using the proprietary driver, disable Secure Boot'.

I am not absolving Nvidia in this matter or other past matters (e.g. EGLStreams), but the Fedora Project, as a sizeable organization backed by Red Hat, is in a better position to have a conversation with Nvidia or work around Nvidia's BS to the widespread benefit of many than individual users without organizational backing are.

1. That is how openSUSE Leap and Ubuntu streamline the process; unless something has changed since I last checked, openSUSE Tumbleweed and Arch Linux don't require kernel module signing when using Secure Boot, so this is avoided.

Edit: I have not upgraded to Fedora 36 yet, but this may be (hopefully is) resolved now.[2][3]

Because reality? This isn't some random non-important no name peripheral. Your ability to display stuff on the screen is kind of important. Nvidia makes the overwhelming majority of dGPUs. You don't just give your users a shit experience in cases like this. You do what you reasonably can to make the experience good. And again, those things don't seem that hard. Fedora is already taking good steps in that direction with making RPM Fusion easier to enable and the driver installation from Gnome Software actually working (overall Gnome Software is quite solid compared to some other GUI 'app stores'). That isn't to say you shouldn't try to work with Nvidia so they can help make the process better too. And Red Hat folks are doing that as well.

There are substantial differences in what is enforced in Secure Boot in Fedora vs other distros. Details in https://mjg59.dreamwidth.org/12368.html.

Just one correction for the bit at the end. OpenSUSE doesn't load unsigned kernel modules anymore with Secure Boot enabled. But they do handle creating the keys and signing the kernel module automatically when you install the driver.

What are your impressions of T2SDE? I never understood what thy tangibly mean that it's a SDE not just another Linux distro!

Upgraded from Fedora 35 -> 36 this afternoon. This is in a VM located on a KUbuntu 22.04 host. All went well. This VM has been upgraded each iteration from F33. We've come a long way as I remember the upgrading try was just a precursor to wiping and installing the new revision! My DE is KDE.

What you describe would do a great service... to nVidia. Want to help the users? Tell them to stay as far as possible from nVidia until such time that company learns to play by Linux rules.

Editing my previous post to add the Koji links for the changelogs for akmods and kmodtool threw the post into moderation, but the quality of life patches should be available in the Fedora 36 builds of those packages for anyone using Secure Boot and needing to sign certain kernel modules (Nvidia, VirtualBox); I have not yet upgraded myself to see. Thank you to Nicolas Viéville and Stanislas Leduc for the patches, and thanks to Elia Geretto for the updated Copr repos while this was ongoing.

Nobody from Fedora should give a shit about nvidia and their crippled proprietary blobs. Even better if Fedora displays: you're using insecure, unsupported proprietary piece of sh*t. Better buy AMD or go with Intel integrated driver instead.