Sign virtual box modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) Centos 8

YounesLAB
April 16, 2020
184 views
2 votes
3 Answers

I started using Centos 8 recently, and I installed VirtualBox to manage my virtual machines,
the problem that I encountered with is that my VirtualBox couldn’t boot any VMs and it told me to execute this script /sbin/vboxconfig as root, when I run this script the following message appears :

vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: You must sign these kernel modules before using VirtualBox:
  vboxdrv vboxnetflt vboxnetadp vboxpci
See the documenatation for your Linux distribution..
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.

There were problems setting up VirtualBox.  To re-start the set-up process, run
  /sbin/vboxconfig
as root.  If your system is using EFI Secure Boot you may need to sign the
kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load
them. Please see your Linux system's documentation for more information.

Note that my secure boot is enabled.
My question is how to sign these kernel modules in Centos 8 ?

Answers

Chosen as BEST ANSWER
- YounesLAB
- April 16, 2020 at 12:44 pm
- 0 votes
0
After some research, I found the solution.

Solution 1 : disable secure boot.

Solution 2 :

1- Install mokutil package
```
sudo dnf update
sudo dnf install mokutil
```
2- Create RSA key under new folder.
```
sudo -i
mkdir /root/signed-modules
cd /root/signed-modules
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"
chmod 600 MOK.priv
```
3- This command will ask you to add a password, you need this password after the next reboot.
```
sudo mokutil --import MOK.der
```
4- Reboot your system and a blue screen appear, select Enroll MOK --> Continue --> put the previous password and your system will start.

5- Put the previous cmmands in a script to run it later (after system update)
```
cd /root/signed-modules
vi sign-virtual-box
```
Add the following cmd to this script :
```
#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 
                                /root/signed-modules/MOK.priv 
                                /root/signed-modules/MOK.der "$modfile"
done
```
Use the below to find signfile if the above fails & edit script accordingly.
```
find /usr/src -name sign-file
```
5- Add exec permission and run the script
```
chmod 700 sign-virtual-box
./sign-virtual-box 
```
6- Launch VirtualBOx
```
modprobe vboxdrv
```
For more info see this link (for ubuntu users) https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail/

(Edit)

- ThorstenS
- November 1, 2020 at 6:15 pm
- 0 votes
0
I upgraded from virtualbox 6.0 to 6.1 and vboxconfig ran without an error (or the need to sign kernel modules).

Login or Signup to reply.

- BeatrizFonseca
- July 4, 2021 at 9:47 pm
- 0 votes
0
I follow the solution given by @Younes LAB but I needed to change the sign-file path in the sign-virtual-box script for it work fine:
```
#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 
                                /root/signed-modules/MOK.priv 
                                /root/signed-modules/MOK.der "$modfile"
done
```
I am using Ubuntu 20.04.2 LTS and VirtualBox 6.1
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.