I know there are many open discussions relating this issue, but none of them addresses a unique reason about the bug.
It's about Ubuntu 16.04, in my case. I install VirtualBox from Ubuntu repository, with sudo apt install virtualbox-qt
I had kernel 4.4.0-34-generic installed. After I installed VirtualBox, everything worked fine.
But after I updated the system (through Software Updater) and upgraded with sudo apt upgrade
, sudo apt dist-upgrade
and auto-remove
, my virtual machine can't start. Kernel 4.4.0-36-generic is now installed. It says something like:
please install virtualbox-dkms and check if appropriate linux-headers are installed
virtualbox-dkms
is already installed, so nothing happens after sudo apt install virtualbox-dkms
But what about headers?
$ dpkg -l | grep linux-headers
ii linux-headers-4.4.0-34 4.4.0-34.53 all Header files related to Linux kernel version 4.4.0
ii linux-headers-4.4.0-34-generic 4.4.0-34.53 amd64 Linux kernel headers for version 4.4.0 on 64 bit x86 SMP
ii linux-headers-4.4.0-36 4.4.0-36.55 all Header files related to Linux kernel version 4.4.0
ii linux-headers-4.4.0-36-generic 4.4.0-36.55 amd64 Linux kernel headers for version 4.4.0 on 64 bit x86 SMP
ii linux-headers-generic 4.4.0.36.38 amd64 Generic Linux kernel headers
$ uname -r
4.4.0-36-generic
And what is the real reason why this happens after every kernel update? I want to know exactly what to do and not always to spend days fixing it.
Best Answer
I found a solution.
Although my question is not answered and I don't exactly understand WHY this problem happens, I want to share a simple summarization of the solution with you. I accepted that the Linux kernel simply doesn't provide support to Virtualbox after an update. They know the reason.
Anyway, the problem happens after almost every kernel update or package upgrade. If you try
$ sudo modprobe vboxdrv
, you getmodprobe: ERROR: could not insert 'vboxdrv': Required key not available
.The solution is to manually sign the key EVERY time this happens, because the signing is KERNEL-DEPENDENT. It is related to Ubuntu 16.04 WITHOUT disabling Secure Boot.
Steps:
Check if installed headers (
$ dpkg -l | grep linux-headers
) match the running kernel(
$ uname -r
).You can always use this command to see a list of enrolled/signed keys:
$ sudo keyctl list %:.system_keyring
.If you already signed a key for Virtualbox (with the old kernel), you need to remove it. There is a way to remove a single key, but I remove them all in once (all keys that I enrolled):
$ sudo mokutil --reset
. Choose a password and restart the computer.$ openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Akrog/"
. Instead of “MOK” and “Akrog” choose names (e.g. “vbX509Key” and “vbKey”).$ sudo /usr/src/linux-headers-XXX-generic/scripts/sign-file sha256 ./MOK.priv ./MOK.der /lib/modules/XXX-generic/updates/dkms/vboxdrv.ko
. Instead of “MOK” use the specified name and correct kernel version instead of "XXX".$ sudo mokutil --import MOK.der
. Again, use the specified name instead of “MOK”. Choose a password and restart the computer.Now you can normally start and use the Virtualbox.