Follow the steps below if you have EFI Secure Boot enabled and need to sign VirtuaBox Kernel Modules.
- Install the virtualbox package
sudo apt install virtualbox- Create a personal public/private RSA key pair which will be used to sign kernel modules
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=YOUR_NAME/"Save your MOK in a safe place and don't forget to update the commands/scripts to reflect the new path where your key & cert files are located.
- Use the MOK utility (Machine Owner Key) to import the public key to the system keyring
mokutil --import MOK.der-
Reboot the machine and enroll the MOK
-
Use the signing utility shippped with the kernel to sign all the VirtualBox modules using the private MOK
#!/bin/bash
SIGNTOOL="/usr/src/linux-headers-$(uname -r)/scripts/sign-file"
for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
echo "Signing $modfile"
$SIGNTOOL sha256 MOK.priv MOK.der "$modfile"
done- Reload the vbox module and fire the VM up
sudo modprobe vboxdrvReference: https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail/
Thanks! This worked for me on Ubuntu 22.04 with the standard UEFI that comes on HP laptops, although I had to add in a 'sudo' just before $SIGNTOOL in the final command