kernel - Could not load 'vboxdrv' after upgrade to Ubuntu 16.04 (and I want to keep secure boot) - Ask Ubuntu
i upgrade ubuntu 15.10 16.04 , since virtualbox 5.0.18 isn't starting vms anymore. complains 'vboxdrv' isn't loaded. try load , following error:
$ sudo modprobe vboxdrv modprobe: error: not insert 'vboxdrv': required key not available
i believe related secure boot use , want continue using. ubuntu 15.10 secure boot , virtualbox working fine.
also tried $ sudo apt-get --reinstall install virtualbox-dkms
built kernel module didn't solve issue.
any idea how vboxdrv loaded while keeping secure boot enabled?
update 2: tried executing sudo mokutil --disable-validation
. when executing command, during next boot prompted disable secure boot, add key or hash disk. since don't want disable secure boot, seems doesn't solve issue either. want keep uefi activated parallel windows installation.
note: if don't mind disabling secure boot, see why "required key not available" when install 3rd party kernel modules or after kernel upgrade? instead.
since kernel version 4.4.0-20, enforced unsigned kernel modules not allowed run secure boot enabled. because want keep secure boot, next logical step sign modules.
so let's try it.
create signing keys
openssl req -new -x509 -newkey rsa:2048 -keyout mok.priv -outform der -out mok.der -nodes -days 36500 -subj "/cn=descriptive name/"
sign module (vboxdrv example)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./mok.priv ./mok.der $(modinfo -n vboxdrv)
register keys secure boot
sudo mokutil --import mok.der
supply password later use after reboot
reboot
, follow instructions enroll mok (machine owner key). here's sample pictures. system reboot 1 more time. after reboot, may needsudo modprobe vboxdrv
load module.
please let me know if virtualbox run way on ubuntu 16.04 (on kernel 4.4.0-21 or higher, believe).
resources: detailed website article fedora , ubuntu implementation of module signing. (they've been working on it) ;-) , security conscious, please consider comment of @zwets below. have full network , pci capabilities, may wish sign following modules well: vboxnetflt
, vboxnetadp
, , vboxpci
. @shasha_trn comment below.
additional resource: created bash script own use every time virtualbox-dkms
upgrades , overwrites signed modules. check out vboxsign on github.
Comments
Post a Comment