@elyezer
Last active September 4, 2015 22:51
VirtualBox in Secure Boot Linux

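Create the certificate. Replace Org Name with something more appropriate. The -nodes option leaves the private key unencrypted on disk, so keep ~/.certs readable only by your own user: once the certificate is enrolled, anyone holding the key can sign modules that the kernel will accept.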

mkdir ~/.certs
openssl req -new -x509 -newkey rsa:2048 -keyout ~/.certs/cert.key -outform DER -out ~/.certs/cert.der -nodes -days 36500 -subj "/CN=Org Name/"

After that, import the certificate:

sudo mokutil --import ~/.certs/cert.der

You will be asked to enter a password. This password will be requested when importing the certificate during the next boot. Reboot the system and make sure to import the certificate. On a Dell PC, pressing the F12 key during boot opens the import wizard.

After the boot you can check if the certificate was imported by running either:

sudo keyctl list %:.system_keyring
dmesg | grep 'EFI: Loaded cert'

You should see a line containing Org Name in both outputs.

With everything in place, you can generate the vboxdrv module:

sudo /etc/init.d/vboxdrv setup

Sign it

sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ~/.certs/cert.key ~/.certs/cert.der $(modinfo -n vboxdrv)

Check if the signing was successful

modinfo vboxdrv

And modprobe it

sudo modprobe vboxdrv

Make sure to sign the module every time it is rebuilt.
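
The re-signing reminder can be turned into a check. This is an added example, not part of the original gist: it reads modinfo output and re-signs vboxdrv only when the recorded signer does not match the certificate's CN. The helper names field, signed_by and resign_if_needed and the sample modinfo text are constructed for illustration.

```sh
#!/bin/sh
# Added example: decide from `modinfo` output whether vboxdrv needs re-signing.
# modinfo only reports signature metadata; the kernel does the real
# verification when the module is loaded with modprobe.

# Print one modinfo field (e.g. signer) from modinfo text on stdin.
field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# Succeed if the modinfo text on stdin records a sha256 signature by CN $1.
signed_by() {
    info=$(cat)
    signer=$(printf '%s\n' "$info" | field signer)
    algo=$(printf '%s\n' "$info" | field sig_hashalgo)
    [ -n "$signer" ] && [ "$signer" = "$1" ] && [ "$algo" = "sha256" ]
}

# Re-sign module $1 with the key pair from this page unless CN $2 already signed it.
resign_if_needed() {
    if modinfo "$1" | signed_by "$2"; then
        echo "$1: already signed by $2"
    else
        sudo "/usr/src/kernels/$(uname -r)/scripts/sign-file" sha256 \
            "$HOME/.certs/cert.key" "$HOME/.certs/cert.der" "$(modinfo -n "$1")"
    fi
}

# Constructed modinfo output for a signed and a freshly rebuilt (unsigned) module.
SAMPLE_SIGNED='filename:       /lib/modules/KERNEL/misc/vboxdrv.ko
license:        GPL
signer:         Org Name
sig_key:        AA:BB:CC:DD
sig_hashalgo:   sha256'
SAMPLE_UNSIGNED='filename:       /lib/modules/KERNEL/misc/vboxdrv.ko
license:        GPL'

# Usage after a rebuild: resign_if_needed vboxdrv "Org Name"
```
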

Reference: http://gorka.eguileor.com/vbox-vmware-in-secureboot-linux/
