37

I started using Centos 8 recently, and I installed VirtualBox to manage my virtual machines, the problem that I encountered with is that my VirtualBox couldn't boot any VMs and it told me to execute this script /sbin/vboxconfig as root, when I run this script the following message appears :

vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: You must sign these kernel modules before using VirtualBox:
  vboxdrv vboxnetflt vboxnetadp vboxpci
See the documenatation for your Linux distribution..
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.

There were problems setting up VirtualBox.  To re-start the set-up process, run
  /sbin/vboxconfig
as root.  If your system is using EFI Secure Boot you may need to sign the
kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load
them. Please see your Linux system's documentation for more information.

Note that my secure boot is enabled. My question is how to sign these kernel modules in Centos 8 ?

Community
  • 1
  • 1
Younes LAB
  • 1,136
  • 1
  • 9
  • 16
  • 15
    Would someone from the elite, who tagged this question as "This question does not meet Stack Overflow guidelines" care to tell us below why s/he did so? This is a perfect SO question with me and I'm happy that I found it because it helped me. Care to leave a note of explanation here moderator? – Tomáš Pospíšek Nov 16 '21 at 21:55
  • 4
    I agree with you, It took for me hours to find this response and share it in the forum, I hope someone will tell us why they did that. Thanks – Younes LAB Nov 17 '21 at 09:21
  • 1
    Imho this question should be moved to SuperUser because it is not about programming – pietrodito Jul 30 '22 at 16:38
  • @TomášPospíšek I'm not sure, but I do notice a [very similar Ubuntu question](https://stackoverflow.com/questions/8188222/virtualbox-initialization-got-error?rq=1) is still open. That was asked 11 years earlier, though so it's possible SO policies have changed. – Isikyus May 23 '23 at 05:10
  • 1
    Seconded, @TomášPospíšek., YounesLAB. This answer saved my ass, and I'd _already_ spent hours trying to work out the solution. This *_MOD_* shouldn't meet Stack Overflow guidelines. Thanks to both of you! – NerdyDeeds May 28 '23 at 18:26

3 Answers3

60

After some research, I found the solution.

Solution 1 : disable secure boot.

Solution 2 :

1- Install mokutil package

sudo dnf update
sudo dnf install mokutil

2- Create RSA key under new folder.

sudo -i
mkdir /root/signed-modules
cd /root/signed-modules
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"
chmod 600 MOK.priv

3- This command will ask you to add a password, you need this password after the next reboot.

sudo mokutil --import MOK.der

4- Reboot your system and a blue screen appear, select Enroll MOK --> Continue --> put the previous password and your system will start.

5- Put the previous cmmands in a script to run it later (after system update)

cd /root/signed-modules
vi sign-virtual-box

Add the following cmd to this script :

#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \
                                /root/signed-modules/MOK.priv \
                                /root/signed-modules/MOK.der "$modfile"
done

Use the below to find signfile if the above fails & edit script accordingly.

find /usr/src -name sign-file

5- Add exec permission and run the script

chmod 700 sign-virtual-box
./sign-virtual-box

6- Launch VirtualBOx

modprobe vboxdrv

For more info see this link (for ubuntu users) https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail/

Michael Hays
  • 2,947
  • 3
  • 20
  • 30
Younes LAB
  • 1,136
  • 1
  • 9
  • 16
  • 2
    Last step: update-initramfs -u -k all && reboot – Dunaevsky Maxim Sep 26 '20 at 09:17
  • $ sudo cd /root/signed-modules sudo: cd: command not found $ sudo /root/signed-modules sudo: /root/signed-modules: command not found After typing the command as recommended by you i am getting the error. – lovalim Jan 03 '21 at 10:51
  • @lovalim You can do `sudo -i` to login as root user and then do `cd ...`. – Ajeet Shah Jun 12 '21 at 10:16
  • Just follow as discribed, it will boot up and may hit an error, that due to signing. follow the link below https://askubuntu.com/a/996685/771371 – S.Roshanth Dec 21 '21 at 04:59
  • 1
    Maybe the above command "find /usr/src -name signfile" should be "find /usr/src -name sign-file"? – Gerald Schade Dec 24 '21 at 09:54
  • Ubuntu 23 Additional Info: 1. It is possible you will need to use `apt` instead of `dnf` (as in `sudo dnf install mokutil`). 2. If `sudo -i` doesn't work for you, switch to the root account (`su`) and repeat steps 2 onwards. 3. If you're not comfy in vi/vim, use `nano sign-virtual-box` instead 4. "Edit script accordingly" means you need to replace `/usr/src/kernels/$(uname -r)/scripts/sign-file` with the results of the `find` (or just replace it with `"$(find /usr/src -name sign-file)"` outright. It's important you actually update the script. Do not simply try to run the commands. – NerdyDeeds May 28 '23 at 18:50
  • I find that I have to use a different MOK key, the one the system provides at /var/lib/shim-signed/mok/MOK.der so therefore I have to use the command `mokutil --import /var/lib/shim-signed/mok/MOK.der` and alter the script to use the .der and .priv file at that path instead. Otherwise /sbin/vboxconfig fails because it tries to use its own key (at that location, as defined in /usr/lib/virtualbox/vboxdrv.sh) rather than the one you create in the instructions above. OR you could alter that script, but then if you ever update Virtualbox you're back to square one – RedScourge Aug 04 '23 at 05:30
14

I follow the solution given by @Younes LAB but I needed to change the sign-file path in the sign-virtual-box script for it work fine:

#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 \
                                /root/signed-modules/MOK.priv \
                                /root/signed-modules/MOK.der "$modfile"
done

I am using Ubuntu 20.04.2 LTS and VirtualBox 6.1

Beatriz Fonseca
  • 4,367
  • 1
  • 11
  • 8
-3

I upgraded from virtualbox 6.0 to 6.1 and vboxconfig ran without an error (or the need to sign kernel modules).

ThorstenS
  • 317
  • 1
  • 7