VirtualBox 5.x with SecureBoot on Fedora 24 | Ubuntu 16.04
Today I have tried to Install Virtualbox 5.0.x on my Newly Installed Fedora 24. I expected it to run smoothly as expected but It failed in kernel module compilation with following error
(modprobe vboxdrv failed. Please use 'dmesg' to find out why)
Then After I tried to reload module again with command sudo modprobe vboxdrv and failed again with following error
modprobe: ERROR: could not insert 'vboxdrv': Required key not available
Second try hinted me that there is nothing wrong in VirtualBox but something related to “key”, So I tried to search for a solution and landed to Official VirtualBox ticket which confirmed the same https://www.virtualbox.org/ticket/11577
Now I have tried find the way to Sign the key and received many links and started following Red Hat link to sign Module, Never thought it would be this much easy, Only Few steps and You are done.
- You will need root access or root equivalent access to follow this.
- First you will have to generate keys for the module with following command
[root@tejasbarot ~]# openssl req -new -x509 -newkey rsa:2048 -keyout tejasbarot.keyout -outform DER -out tejasbarot.der -nodes -days 36500 -subj "/CN=TejasBarot/"
Notes: CN=<Common-Name>, You can write your own name too, Cool ?
MOK stands for Module Owned Key
- Now Time to Import module in MOKManager of UEFI with Following Command:
[root@tejasbarot ~]# mokutil --import tejasbarot.der
Note: It will prompt you password, Make sure you remember password you enter here, You will need to enter the same password at time importing module on reboot.
- Now Reboot / Restsart your Fedora 24 Box.
- It will display MOK Screen, Press any key within TEN SECONDS else It will boot without MOK Module.
- Select “Enroll MOK”
- Click on “View Key 0″ to View Key Information, Click on “Continue” to proceed.
- In Next Screen, Click on “Next” to Enroll Keys.
- In next screen, It will ask you for a password which you have entered at time of importing MOK (In step 3)
- Now Click on OK to reboot.
- Now time to sign VirtualBox Modules with key generated in Step 2. Execute Following commands
[root@tejasbarot ~]# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./tejasbarot.keyout ./tejasbarot.der $(modinfo -n vboxdrv)
[root@tejasbarot ~]# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./tejasbarot.keyout ./tejasbarot.der $(modinfo -n vboxnetflt)
[root@tejasbarot ~]# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./tejasbarot.keyout ./tejasbarot.der $(modinfo -n vboxnetadp)
[root@tejasbarot ~]# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./tejasbarot.keyout ./tejasbarot.der $(modinfo -n vboxpci)
1. To make it work Properly, You will have to sign all modules of VirtualBox with generated keys.
2. Everytime you run “/sbin/rcvboxdrv setup” after following step 3, Signed Modules will be removed and You will again need to follow Step 11 and 12 , Only step 11 and 12 not from beginning. (This was not the case in Fedora 18 to 21)
- Restart vboxdrv service with following command
[root@tejasbarot ~]# systemctl restart vboxdrv
[root@tejasbarot ~]# systemctl status vboxdrv
NOTE: If you find this line “Starting VirtualBox kernel modules [ OK ]”, You are done, Start launching Virtual Machines.
REPEATING ONCE AGAIN, DO NOT EXECUTE “sudo /etc/init.d/vboxdrv setup” or “/sbin/rcvboxdrv setup” otherwise you will have to follow repeat Step No 11. and 12
DISABLE MOK Validation using following command
[root@tejasbarot ~]# mokutil --disable-validation
Switch to Legacy Mode from UEFI by Disabling SecureBoot from BIOS
References taken from :
Like and Share All Linux User’s Blog Facebook Page: https://www.FaceBook.com/AllLinuxUsersBlog