Create the certificate. Replace Org Name
with something more appropriate.
mkdir ~/.certs
openssl req -new -x509 -newkey rsa:2048 -keyout ~/.certs/cert.key -outform DER -out ~/.certs/cert.der -nodes -days 36500 -subj "/CN=Org Name/"
After that import the certificate
sudo mokutil --import ~/.certs/cert.der
Will be asked for a input password. This password will be asked when importing the certificate during the next boot. Reboot the system and make sure to import the certificate. In a Dell PC pressing F12
key during the boot will enter in the import wizard.
After the boot you can check if the certificate was imported by running either:
sudo keyctl list %:.system_keyring
dmesg | grep 'EFI: Loaded cert'
You must see a line containing Org Name
in both outputs.
With all in place you can generate the vboxdrv module
sudo /etc/init.d/vboxdrv setup
Sign it
sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ~/.certs/cert.key ~/.certs/cert.der $(modinfo -n vboxdrv)
Check if the signing was successful
modinfo vboxdrv
And modprobe it
sudo modprobe vboxdrv
Make sure to sign the module everytime it is rebuilt.
Reference: http://gorka.eguileor.com/vbox-vmware-in-secureboot-linux/