Skip to content

Instantly share code, notes, and snippets.

@pierDipi
Last active February 21, 2019 12:25
Show Gist options
  • Save pierDipi/64fa36b996eafd596d9419a621b11d5f to your computer and use it in GitHub Desktop.
Save pierDipi/64fa36b996eafd596d9419a621b11d5f to your computer and use it in GitHub Desktop.
Install VirtualBox on Fedora 29 and sign the kernel modules in order to avoid "WARNING: The vboxdrv kernel module is not loaded" when Secure Boot is enabled

Install VirtualBox on Fedora 29 and sign the VirtualBox kernel modules in order to avoid "WARNING: The vboxdrv kernel module is not loaded" when Secure Boot is enabled

Run the following command with su permissions.

mkdir -p /root/modules-signing/vbox-signing

Go to the directory created

cd /root/modules-signing/vbox-signing


Installation

Run the following commands:

wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo

dnf install binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-devel dkms qt5-qtx11extras libxkbcommon

dnf install VirtualBox-6.0

/usr/lib/virtualbox/vboxdrv.sh setup

Sign virtualbox kernel modules

You can create a new bash file, called sign_vbox_kernel_module.sh and run it with the command bash ./sign_vbox_kernel_module.sh.

It is usefull to keep this bash file because the private and public key, created with the script, expire after 1 year.

The script will ask you a password that will be used to load the kernel module after reboot.

At the end your machine will reboot and it will show the MOK management.

#!/bin/bash

echo [ req ] > configuration_file.config
echo default_bits = 4096 >> configuration_file.config
echo distinguished_name = req_distinguished_name >> configuration_file.config
echo prompt = no >> configuration_file.config
echo string_mask = utf8only  >> configuration_file.config
echo x509_extensions = myexts  >> configuration_file.config
echo >> configuration_file.config

echo [ req_distinguished_name ]  >> configuration_file.config
echo O = Organization  >> configuration_file.config
echo CN = Organization signing key  >> configuration_file.config
echo emailAddress = pierangelodipilato@gmail.com  >> configuration_file.config
echo >> configuration_file.config

echo [ myexts ]  >> configuration_file.config
echo basicConstraints=critical,CA:FALSE  >> configuration_file.config
echo keyUsage=digitalSignature  >> configuration_file.config
echo subjectKeyIdentifier=hash  >> configuration_file.config
echo authorityKeyIdentifier=keyid  >> configuration_file.config

openssl req -x509 -new -nodes -utf8 -sha256 -days 36500 -batch -config configuration_file.config -outform DER \
                -out virtualbox_public_key.der -keyout virtualbox_private_key.priv

for filename in /lib/modules/$(uname -r)/misc/vbox*.ko ; do
        /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 virtualbox_private_key.priv virtualbox_public_key.der $filename ;
done

mokutil --import virtualbox_public_key.der

reboot

Now you can make great things.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment