Comment # 24 on bug 1173682 from Martin Wilck

(In reply to Ricardo Minnaard from comment #18)
> How do the AMD drives solve this? Or do they have the same issue?

Every proprietary driver has the issue. It can be solved, but the solutions
differ between distros. Shipping binary drivers for all Linux distros is a huge
task, even for a big company (at my former employer we shipped only drivers for
SLE and RHEL, and that was already a lot of work). 

 > Not being able to run these drives is a disaster IMO. It sets Linux back
> several years. Yet I do understand the security trait off. I���m no developer,
> so I���m not going to lay down some hard critics.

I totally agree. The workaround is "disable secure boot". IIUC comment 17, the
other issue you had should be fixed soon, too.

> If it was up to me, I���d show a pop-up window or a big splash
> screen in the GUI informing a user the steps to take to get around this. A
> text somewhere in some release notes isn���t enough.

I agree. What we could have done out-of-the-box would be to display an "EULA"
at package installation time. ("EULA"s are not only for legal issues, they've
been used for technical warnings quite a few times). Unfortunately nobody
thought about that, and when we did it was too late. Apparently Nvidia+SB users
didn't take part in the beta testing. The only thing we could have done at the
time the issue came up was revert the change.

AFAIK Ubuntu "solves" this problem by not enabling module signing. It's a
trade-off between security and convenience, and SUSE and Ubuntu have different
positions in that area. 

I believe we should take a look at NVidia drivers for Fedora. Fedora has
enabled module signing long ago.