This procedure is required in order to use VirtualBox in a Fedora installation from a machine using SecureBoot.
It sucks, though... but, this is it. 🤷♂️
# generate MOK (machine owned key)
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=$(whoami)/"
# import MOK into SecureBoot
sudo mokutil --import MOK.der
# Reboot required in order to set up new MOK in UEFI boot config
sudo reboot
Later, after booting Fedora again with MOK enrolled...
# retrieve module files and sign them for the current kernel version
for f in $(dirname $(modinfo -n vboxdrv))/*.ko; do
echo "Signing $f"
sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $f
done
# readd vbox modules
sudo modprobe -v vboxdrv
# enjoy vbox, finally