@kiasaki
Last active June 7, 2024 14:57
ubuntu: vboxdrv module signing for secureboot to load it

Since kernel version 4.4.0-20, unsigned kernel modules are not allowed to load when Secure Boot is enabled. If you want to keep Secure Boot on, the next logical step is to sign those modules.

So let's try it.

Create signing keys

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive name/"

Sign the module (vboxdrv for this example)

sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)
# also sign: vboxnetadp vboxnetflt vboxpci

Register the keys to Secure Boot

sudo mokutil --import MOK.der

Supply a password for later use after reboot.

Reboot and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.

After the reboot, you may also need to sudo modprobe vboxdrv to load the module.

Please let me know if VirtualBox would run this way on Ubuntu 16.04 (on kernel 4.4.0-21 or higher, I believe).

http://gorka.eguileor.com/vbox-vmware-in-secureboot-linux/
https://github.com/Canonical-kernel/Ubuntu-kernel/blob/master/Documentation/module-signing.txt
http://askubuntu.com/questions/760671/could-not-load-vboxdrv-after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur
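
The signing step above covers only vboxdrv and leaves the other three modules as a comment. The script below is an added example, not part of the original gist: it loops over all four modules and checks each file for the marker that sign-file appends. The variable names, the script name sign-vbox.sh and the sign argument are assumptions, and it expects uncompressed .ko files.

```shell
#!/bin/sh
# Added example (not from the original gist): sign all VirtualBox modules and
# confirm each file ends with the kernel's appended-signature marker.
# KEY, CERT, SIGN_FILE and MODULES are assumed names; defaults follow the steps above.
KEY=${KEY:-./MOK.priv}
CERT=${CERT:-./MOK.der}
SIGN_FILE=${SIGN_FILE:-/usr/src/linux-headers-$(uname -r)/scripts/sign-file}
MODULES=${MODULES:-"vboxdrv vboxnetadp vboxnetflt vboxpci"}

# A signed module ends with this 27-character string plus a newline (28 bytes).
SIG_MARKER='~Module signature appended~'

has_sig_marker() {
    # NUL bytes are mapped to '?' so binary tails compare cleanly; the command
    # substitution strips the trailing newline.
    [ "$(tail -c 28 "$1" 2>/dev/null | tr '\0' '?')" = "$SIG_MARKER" ]
}

sign_vbox_modules() (
    failed=0
    for mod in $MODULES; do
        # Not every VirtualBox release ships all four modules.
        path=$(modinfo -n "$mod" 2>/dev/null) || { echo "skip $mod: not installed"; continue; }
        case "$path" in
            *.ko) ;;
            *)  # sign-file needs the uncompressed module, not .ko.zst/.ko.xz
                echo "FAIL $mod: $path is compressed" >&2; failed=1; continue ;;
        esac
        if has_sig_marker "$path"; then
            echo "ok   $mod: already carries a signature"
        elif "$SIGN_FILE" sha256 "$KEY" "$CERT" "$path" && has_sig_marker "$path"; then
            echo "ok   $mod: signed"
        else
            echo "FAIL $mod: no signature marker in $path" >&2; failed=1
        fi
    done
    [ "$failed" -eq 0 ]
)

# Usage (as root, in the directory holding the keys): sudo sh sign-vbox.sh sign
if [ "${1:-}" = "sign" ]; then
    chmod 600 "$KEY"   # created with -nodes, so the private key is unencrypted
    sign_vbox_modules
fi
```

The marker only shows that some signature is present; after the reboot, mokutil --test-key MOK.der reports whether the key itself was enrolled.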

@cristiangranero90

Thank you! It worked in Ubuntu 24.04 LTS, with kernel 6.8.0-35-generic.
