Secure Boot doesn't allow 'vboxdrv' module to load (now works for Ubuntu and Debian 10+ hosts)

https://www.virtualbox.org/ticket/11577?cversion=0&cnum_hist=21

 

These were the steps I followed, in order to solve it:

1) Create a personal public/private RSA key pair which will be used to sign kernel modules

?
1
2
3
mkdir /root/module-signing
cd /root/module-signing
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"

 

2) Sign the modules to the kernel

?
1
2
3
4
/usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)
/usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxnetflt)
/usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxnetadp)
/usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxpci)

 

3) Use mokutil utily to do a request for enrolling the key so it can be trusted by the system and set a simple password

?
1
mokutil --import /root/module-signing/MOK.der

 

4) Reboot the system and enroll the key (Enroll MOK).

reboot

5) Do the following changes to the /usr/lib/virtualbox/vboxdrv.sh script

  • Backup the script: vboxdrv.sh cp -p /usr/lib/virtualbox/vboxdrv.sh /usr/lib/virtualbox/vboxdrv.sh.orig
  • Edit the script: /usr/lib/virtualbox/vboxdrv.sh
  • Comment lines: 98,99
     
    ?
    1
    2
    #DEB_PUB_KEY=/var/lib/shim-signed/mok/MOK.der
    #DEB_PRIV_KEY=/var/lib/shim-signed/mok/MOK.priv

    Change for:

    ?
    1
    2
    DEB_PUB_KEY=/root/module-signing/MOK.der
    DEB_PRIV_KEY=/root/module-signing/MOK.priv

     

  • Comment lines: 501,503

    ?
    1
    2
    3
    #kmodsign sha512 /var/lib/shim-signed/mok/MOK.priv \
    # /var/lib/shim-signed/mok/MOK.der \
    # /lib/modules/"$KERN_VER"/misc/"$i".ko

    Change for:
    ?
    1
    2
    3
    /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 /root/module-signing/MOK.priv \
    /root/module-signing/MOK.der \
    /lib/modules/"$KERN_VER"/misc/"$i".ko

 

6) Run the command "/usr/lib/virtualbox/vboxdrv.sh setup"

root@mipc:~# /usr/lib/virtualbox/vboxdrv.sh setup
vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.
No DKMS packages installed: not changing Secure Boot validation state.

It will print the following some instructions you have to follow, it will probably ask you for the password you set when import MOK.der key in step (3)

COnfiguring UEFI Secure Boot - print1

Configuring UEFI Secure Boot - print2

 

6) verify the modules are loaded:

root@mipc:~# lsmod | grep box
vboxpci 28672 0
vboxnetadp 28672 0
vboxnetflt 32768 0
vboxdrv 487424 3 vboxpci,vboxnetadp,vboxnetflt

 

7) Before running virtualbox remember download the extention pack for the current virtualbox version.

?
1
VBoxManage extpack install --replace  Oracle_VM_VirtualBox_Extension_Pack-6.1.30-148432.vbox-extpack

 

8) With the local user run virtualbox

I hope it could helps you.

Thank you everyone for commenting.

posted @   张同光  阅读(94)  评论(0编辑  收藏  举报
相关博文:
· SecureBoot---debian---Oracle VM VirtualBox
· kernel module in UEFI secure boot --- insmod: ERROR: could not insert module lkm_hello.ko: Operation not permitted
· vrtualbox错误
· ubuntu下安装VirtualBox后无法启动。
· Ubuntu 24.04使用virtualBox启动虚拟机提示Kernel driver not installed的解决办法
阅读排行:
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· Manus爆火,是硬核还是营销?
· 终于写完轮子一部分:tcp代理 了,记录一下
· 别再用vector<bool>了!Google高级工程师:这可能是STL最大的设计失误
· 单元测试从入门到精通
点击右上角即可分享
微信分享提示