@sagi
Last active October 27, 2017 06:55
vboxdrv Kernel Module Signing on Ubuntu 16.04 (UEFI Secure Boot)
# Secure Boot in Ubuntu: https://wiki.ubuntu.com/SecurityTeam/SecureBoot#Shim_bootloader_signed_with_Microsoft_key
# Ubuntu Kernel notes: https://github.com/Canonical-kernel/Ubuntu-kernel/blob/master/Documentation/module-signing.txt
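# We'll have to sign the vboxdrv module: with UEFI Secure Boot enabled, the kernel refuses to load unsigned modules
# Generate a Machine Owner Key (MOK) pair. -nodes leaves MOK.priv unencrypted on disk, so keep it readable by root only
$ openssl req -new -x509 -newkey rsa:4096 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Kernel Module Signer/"
# Sign the module in place with the new key (arguments: hash algorithm, private key, X.509 certificate, module path)
$ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)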
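# Add our Machine Owner Key to the trusted keys in Ubuntu's Shim 2nd stage bootloader
# (mokutil asks for a one-time password, which is needed again on the next boot)
$ sudo mokutil --import MOK.der
# After reboot a blue MOK management screen appears: choose "Enroll MOK" and enter the password set during the import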
$ reboot
# Use modprobe to load the vbox driver:
$ sudo modprobe vboxdrv
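
The following check script is an added example, not part of the original gist. It confirms that the signing and enrollment steps above took effect, which is useful after kernel updates, when the module is rebuilt and must be signed again. It assumes MOK.priv and MOK.der are in the current directory; the function names and the `--check` argument are made up for this example.

```bash
#!/bin/sh
# Added example, not part of the original gist. Paths below are assumptions.

# Fixed trailer the kernel's sign-file appends after the PKCS#7 signature.
MODULE_SIG_MARKER='~Module signature appended~'

# 0 if the file ends with the signature trailer, 1 if not, 2 if unreadable.
is_module_signed() {
    [ -r "$1" ] || return 2
    # Trailer is 27 characters plus a newline; $(...) drops the newline,
    # tr drops NUL bytes that an unsigned binary tail may contain.
    [ "$(tail -c 28 "$1" | tr -d '\0')" = "$MODULE_SIG_MARKER" ]
}

# 0 if the key file grants no permissions to group or other (e.g. 600).
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report on the module and key produced by the steps above.
check_vboxdrv_signing() {
    ko=$(modinfo -n vboxdrv) || return 2
    if is_module_signed "$ko"; then
        echo "signed:   $ko (signer: $(modinfo -F signer vboxdrv))"
    else
        echo "UNSIGNED: $ko (re-run sign-file, e.g. after a module rebuild)"
    fi
    key_is_private ./MOK.priv || echo "WARNING: MOK.priv is group/world accessible"
    mokutil --sb-state            # is Secure Boot actually enabled?
    mokutil --test-key ./MOK.der  # is this certificate enrolled in shim?
}

# Run the report only when invoked as: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_vboxdrv_signing
fi
```

The trailer only shows that a signature was appended, not that the kernel trusts the signing key; a successful `modprobe vboxdrv` with Secure Boot enabled remains the definitive test.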