Sign virtual box modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) Centos 8 [closed]

Asked 16/4, 2020 at 10:44 Answered 4/7, 2021 at 19:47

Solved linux centos virtual-machine virtualbox centos8

I started using Centos 8 recently, and I installed VirtualBox to manage my virtual machines, the problem that I encountered with is that my VirtualBox couldn't boot any VMs and it told me to execute this script /sbin/vboxconfig as root, when I run this script the following message appears :

vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: You must sign these kernel modules before using VirtualBox:
  vboxdrv vboxnetflt vboxnetadp vboxpci
See the documenatation for your Linux distribution..
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.

There were problems setting up VirtualBox.  To re-start the set-up process, run
  /sbin/vboxconfig
as root.  If your system is using EFI Secure Boot you may need to sign the
kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load
them. Please see your Linux system's documentation for more information.

Note that my secure boot is enabled. My question is how to sign these kernel modules in Centos 8 ?

Debi answered 16/4, 2020 at 10:44 Comment(5)

Would someone from the elite, who tagged this question as "This question does not meet Stack Overflow guidelines" care to tell us below why s/he did so? This is a perfect SO question with me and I'm happy that I found it because it helped me. Care to leave a note of explanation here moderator? – Wilmawilmar 16/11, 2021 at 21:55

I agree with you, It took for me hours to find this response and share it in the forum, I hope someone will tell us why they did that. Thanks – Debi 17/11, 2021 at 9:21

Imho this question should be moved to SuperUser because it is not about programming – Holmes 30/7, 2022 at 16:38

@TomášPospíšek I'm not sure, but I do notice a very similar Ubuntu question is still open. That was asked 11 years earlier, though so it's possible SO policies have changed. – Nickerson 23/5, 2023 at 5:10

Seconded, @TomášPospíšek., YounesLAB. This answer saved my ass, and I'd already spent hours trying to work out the solution. This _MOD_ shouldn't meet Stack Overflow guidelines. Thanks to both of you! – Titanate 28/5, 2023 at 18:26

After some research, I found the solution.

Solution 1 : disable secure boot.

Solution 2 :

1- Install mokutil package

sudo dnf update
sudo dnf install mokutil

2- Create RSA key under new folder.

sudo -i
mkdir /root/signed-modules
cd /root/signed-modules
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"
chmod 600 MOK.priv

3- This command will ask you to add a password, you need this password after the next reboot.

sudo mokutil --import MOK.der

4- Reboot your system and a blue screen appear, select Enroll MOK --> Continue --> put the previous password and your system will start.

5- Put the previous cmmands in a script to run it later (after system update)

cd /root/signed-modules
vi sign-virtual-box

Add the following cmd to this script :

#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \
                                /root/signed-modules/MOK.priv \
                                /root/signed-modules/MOK.der "$modfile"
done

Use the below to find signfile if the above fails & edit script accordingly.

find /usr/src -name sign-file

5- Add exec permission and run the script

chmod 700 sign-virtual-box
./sign-virtual-box

6- Launch VirtualBOx

modprobe vboxdrv

For more info see this link (for ubuntu users) https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail/

Debi answered 16/4, 2020 at 10:44 Comment(14)

Last step: update-initramfs -u -k all && reboot – Maurilla 26/9, 2020 at 9:17

$ sudo cd /root/signed-modules sudo: cd: command not found $ sudo /root/signed-modules sudo: /root/signed-modules: command not found After typing the command as recommended by you i am getting the error. – Ruddock 3/1, 2021 at 10:51

@Ruddock You can do sudo -i to login as root user and then do cd .... – Greenlaw 12/6, 2021 at 10:16

Just follow as discribed, it will boot up and may hit an error, that due to signing. follow the link below askubuntu.com/a/996685/771371 – Bravissimo 21/12, 2021 at 4:59

Maybe the above command "find /usr/src -name signfile" should be "find /usr/src -name sign-file"? – Identity 24/12, 2021 at 9:54

Ubuntu 23 Additional Info: 1. It is possible you will need to use apt instead of dnf (as in sudo dnf install mokutil). 2. If sudo -i doesn't work for you, switch to the root account (su) and repeat steps 2 onwards. 3. If you're not comfy in vi/vim, use nano sign-virtual-box instead 4. "Edit script accordingly" means you need to replace /usr/src/kernels/$(uname -r)/scripts/sign-file with the results of the find (or just replace it with "$(find /usr/src -name sign-file)" outright. It's important you actually update the script. Do not simply try to run the commands. – Titanate 28/5, 2023 at 18:50

I find that I have to use a different MOK key, the one the system provides at /var/lib/shim-signed/mok/MOK.der so therefore I have to use the command mokutil --import /var/lib/shim-signed/mok/MOK.der and alter the script to use the .der and .priv file at that path instead. Otherwise /sbin/vboxconfig fails because it tries to use its own key (at that location, as defined in /usr/lib/virtualbox/vboxdrv.sh) rather than the one you create in the instructions above. OR you could alter that script, but then if you ever update Virtualbox you're back to square one – Harwin 4/8, 2023 at 5:30

if it gives you

Signing /lib/modules/6.5.9-200.fc38.x86_64/extra/VirtualBox/*.ko At main.c:298: - SSL error:FFFFFFFF80000002:system library::No such file or directory: crypto/bio/bss_file.c:67 - SSL error:10000080:BIO routines::no such file: crypto/bio/bss_file.c:75 sign-file: /lib/modules/6.5.9-200.fc38.x86_64/extra/VirtualBox/*.ko

(I am using Fedora) it's because you don't have .ko files, but compressed .ko.xz files. so you have to go in directory $(dirname $(modinfo -n vboxdrv))/ then decompress with xz -d * then finally the script above will work you can run it. (continue....) – Psalmbook 8/11, 2023 at 22:32

after that, you have to compress again so do xz vboxdrv.ko.xz then xz vboxnetadp.ko.xz and xz vboxnetflt.ko.xz and finally you can do modprobe vboxdrv – Psalmbook 8/11, 2023 at 22:32

@Psalmbook personally i found that i have to reinstall the modules again and then sign it – Runofthemine 28/11, 2023 at 19:40

I get this error. Do we have to disable secure boot first to install and later do step 2. modinfo: ERROR: Module vboxdrv not found. – Helminthiasis 22/5 at 13:45

@KrvPerera, Up to you to choose either the 1st or the 2nd option. – Debi 27/5 at 4:55

I used both but please ignore my comment. I had another installation problem because I was missing gcc-12 apparently. I was trying to install VBox 7 in ubuntu 20.04 or 22.04. I was getting this error message also but when I look at the install log installation never completed due to gcc-12 missing error. So I think it is the reason I got no module found because modules were never installed. – Helminthiasis 29/5 at 11:38

and how to sign on ubuntu ?? – Cassandracassandre 13/7 at 11:50

I follow the solution given by @Younes LAB but I needed to change the sign-file path in the sign-virtual-box script for it work fine:

#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 \
                                /root/signed-modules/MOK.priv \
                                /root/signed-modules/MOK.der "$modfile"
done

I am using Ubuntu 20.04.2 LTS and VirtualBox 6.1

Grubb answered 4/7, 2021 at 19:47 Comment(4)

This did the trick on my Ubuntu 20.04.2. Thanks! – Miki 8/8, 2021 at 8:0

This solution worked flawlessly and no need to disable secure boot. – Bluefield 10/11, 2021 at 19:7

This step was needed for me, too. Debian Buster, VirtualBox 6.1 – Hedonism 16/2, 2022 at 10:59

This worked for me on VirtualBox 7.0.12 on Ubuntu 22.04.3 – Missus 8/1 at 19:11

-2

I upgraded from virtualbox 6.0 to 6.1 and vboxconfig ran without an error (or the need to sign kernel modules).

Upsilon answered 1/11, 2020 at 17:15 Comment(2)

Sorry, this does not work for me – Senegambia 19/4, 2021 at 22:40

Agree. Running virtualbox 6.1 on xubuntu. Seems like I need to sign some stuff – Scabrous 6/5, 2021 at 1:36

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags