Install VirtualBox on Fedora 29 and sign the VirtualBox kernel modules in order to avoid "WARNING: The vboxdrv kernel module is not loaded" when Secure Boot is enabled
Run the following command with su
permissions.
mkdir -p /root/modules-signing/vbox-signing
Go to the directory created
cd /root/modules-signing/vbox-signing
Installation
Run the following commands:
wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
dnf install binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-devel dkms qt5-qtx11extras libxkbcommon
dnf install VirtualBox-6.0
/usr/lib/virtualbox/vboxdrv.sh setup
Sign virtualbox kernel modules
You can create a new bash file, called sign_vbox_kernel_module.sh
and run it with the command
bash ./sign_vbox_kernel_module.sh
.
It is usefull to keep this bash file because the private and public key, created with the script, expire after 1 year.
The script will ask you a password that will be used to load the kernel module after reboot.
At the end your machine will reboot and it will show the MOK management.
#!/bin/bash
echo [ req ] > configuration_file.config
echo default_bits = 4096 >> configuration_file.config
echo distinguished_name = req_distinguished_name >> configuration_file.config
echo prompt = no >> configuration_file.config
echo string_mask = utf8only >> configuration_file.config
echo x509_extensions = myexts >> configuration_file.config
echo >> configuration_file.config
echo [ req_distinguished_name ] >> configuration_file.config
echo O = Organization >> configuration_file.config
echo CN = Organization signing key >> configuration_file.config
echo emailAddress = pierangelodipilato@gmail.com >> configuration_file.config
echo >> configuration_file.config
echo [ myexts ] >> configuration_file.config
echo basicConstraints=critical,CA:FALSE >> configuration_file.config
echo keyUsage=digitalSignature >> configuration_file.config
echo subjectKeyIdentifier=hash >> configuration_file.config
echo authorityKeyIdentifier=keyid >> configuration_file.config
openssl req -x509 -new -nodes -utf8 -sha256 -days 36500 -batch -config configuration_file.config -outform DER \
-out virtualbox_public_key.der -keyout virtualbox_private_key.priv
for filename in /lib/modules/$(uname -r)/misc/vbox*.ko ; do
/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 virtualbox_private_key.priv virtualbox_public_key.der $filename ;
done
mokutil --import virtualbox_public_key.der
reboot
Now you can make great things.