Kernel Modules – How to Sign for VirtualBox

kernel, kernel-modules, virtualbox

So I am on a Debian buster 10 system and I installed VirtualBox, and I encountered an error which tells me to load some kernel modules manually.

sudo ./vboxconfig 
[sudo] password for user:
vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: You must sign these kernel modules before using VirtualBox:
 vboxdrv vboxnetflt vboxnetadp
See the documenatation for your Linux distribution..
vboxdrv.sh: Building VirtualBox kernel modules

So I just need some help to load the vboxdrv, vboxnetflt and vboxnetadp kernel modules to complete my VirtualBox installation, and I am not too sure how this is done. I am using a UEFI system which has Secure Boot enabled.

Best Answer

There are three steps involved in signing modules:

The first two steps only need to be done once, the last will need to be redone every time the modules are built.

To create a MOK:

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -days 36500 -subj "/CN=My Name/" -nodes

replacing My Name with something appropriate. (The following instructions assume you run this as root, in root’s home directory, /root.)

To enroll it:

mokutil --import MOK.der

This will prompt for a password, which is a temporary password used on the next boot only. Reboot your system, and you will enter the UEFI MOK management tool; see this handy guide with screenshots and follow the instructions to enroll your key.

This will reboot again, and you will then be able to check that your key is loaded:

dmesg | grep cert

To sign modules with your key, go to the directory containing the modules, and run

/usr/lib/linux-kbuild-4.19/scripts/sign-file sha256 /root/MOK.priv /root/MOK.der vboxdrv.ko

replacing “4.19” and vboxdrv.ko as appropriate.
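Because the signing step has to be repeated after every module rebuild, it can be scripted. The following is an added example, not part of the original answer. It assumes the key and certificate are in /root as above and that sign-file lives under Debian's linux-kbuild-<major.minor> directory. It also goes slightly beyond the answer by skipping modules that already end with the kernel's appended-signature marker.

```shell
#!/bin/sh
# Added example: re-sign the VirtualBox modules after each rebuild.
# Assumptions: key/cert paths from the answer; Debian kbuild layout.
KEY=${KEY:-/root/MOK.priv}
CERT=${CERT:-/root/MOK.der}
KVER=$(uname -r | cut -d. -f1,2)   # e.g. 4.19.0-6-amd64 -> 4.19
SIGN_FILE=${SIGN_FILE:-/usr/lib/linux-kbuild-$KVER/scripts/sign-file}

# A signed module ends with this marker (27 characters plus a newline).
MAGIC='~Module signature appended~'

# is_signed FILE: succeed if FILE already carries an appended signature.
is_signed() {
    [ "$(tail -c 28 "$1" | tr -d '\0')" = "$MAGIC" ]
}

# sign_modules FILE...: sign each unsigned module in place, then confirm
# the marker is present. Returns non-zero if any module could not be signed.
sign_modules() {
    rc=0
    for ko in "$@"; do
        if is_signed "$ko"; then
            echo "already signed: $ko"
            continue
        fi
        if "$SIGN_FILE" sha256 "$KEY" "$CERT" "$ko" && is_signed "$ko"; then
            echo "signed: $ko"
        else
            echo "FAILED: $ko" >&2
            rc=1
        fi
    done
    return $rc
}

# Run as root, passing the module files, for example:
#   sh sign-vbox.sh $(for m in vboxdrv vboxnetflt vboxnetadp; do modinfo -n "$m"; done)
if [ "$#" -gt 0 ]; then
    sign_modules "$@"
fi
```

The `-nodes` option used when creating the MOK leaves MOK.priv unencrypted, so the file should stay readable by root only.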
