kernel - Could not load 'vboxdrv' after upgrade to Ubuntu 16.04 (and I want to keep secure boot) - Ask Ubuntu


i upgrade ubuntu 15.10 16.04 , since virtualbox 5.0.18 isn't starting vms anymore. complains 'vboxdrv' isn't loaded. try load , following error:

$ sudo modprobe vboxdrv modprobe: error: not insert 'vboxdrv': required key not available

i believe related secure boot use , want continue using. ubuntu 15.10 secure boot , virtualbox working fine.

also tried $ sudo apt-get --reinstall install virtualbox-dkms built kernel module didn't solve issue.

any idea how vboxdrv loaded while keeping secure boot enabled?

update 2: tried executing sudo mokutil --disable-validation. when executing command, during next boot prompted disable secure boot, add key or hash disk. since don't want disable secure boot, seems doesn't solve issue either. want keep uefi activated parallel windows installation.

note: if don't mind disabling secure boot, see why "required key not available" when install 3rd party kernel modules or after kernel upgrade? instead.

since kernel version 4.4.0-20, enforced unsigned kernel modules not allowed run secure boot enabled. because want keep secure boot, next logical step sign modules.

so let's try it.

  1. create signing keys

    openssl req -new -x509 -newkey rsa:2048 -keyout mok.priv -outform der -out mok.der -nodes -days 36500 -subj "/cn=descriptive name/"

  2. sign module (vboxdrv example)

    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./mok.priv ./mok.der $(modinfo -n vboxdrv)

  3. register keys secure boot

    sudo mokutil --import mok.der

    supply password later use after reboot

  4. reboot , follow instructions enroll mok (machine owner key). here's sample pictures. system reboot 1 more time. after reboot, may need sudo modprobe vboxdrv load module.

please let me know if virtualbox run way on ubuntu 16.04 (on kernel 4.4.0-21 or higher, believe).

resources: detailed website article fedora , ubuntu implementation of module signing. (they've been working on it) ;-) , security conscious, please consider comment of @zwets below. have full network , pci capabilities, may wish sign following modules well: vboxnetflt, vboxnetadp, , vboxpci. @shasha_trn comment below.

additional resource: created bash script own use every time virtualbox-dkms upgrades , overwrites signed modules. check out vboxsign on github.


Comments

Post a Comment

Popular posts from this blog

download - Firefox cannot save files (most of the time), how to solve? - Super User

this not full duplicate of this question or this question , though base question same. however, questions have no answers. for on half year have problems downloading files firefox. when click on download link, download dialog opened asking me do, save or open it. immediately, there error/warning pop-up (twice, can see 1 @ first) ok button. looks this message : "c:\users\%user%\appdata\local\temp\wbbdv9k8.zip.part not saved because source file not read. try again later or contact server administrator." replace '%user%' name of user trying download. after closing pop-up, download dialog disappears , have minimize firefox , open again, see other pop-up. downloading exact same file internet explorer work, not desired. i tried solutions here . tried solutions here . tried disabling extensions. tried fixing permissions on temp folder. tried making files , folder in profile directory non-readonly. tried running firefox administrator. tried
Read more

windows - "-2146893807 NTE_NOT_FOUND" when repair certificate store - Super User

i try repair certificate store in windows 10 doing c:\windows\system32>certutil -store -user ‎330000019dba8d5dddb98062a900000000019d "personal" certutil: -store command failed: 0x80090011 (-2146893807 nte_not_found) certutil: object not found. i have double check mmc, certificate details serial number of certificate. still fail repair certificate store. can please help? i getting same error when trying export pfx. turns out had export c:\cert.pfx instead of cert.pfx (it trying export file cert store ( cert:\localmachine\my ).
Read more

sql server - "Configuration file does not exist", Event ID 274 - Super User

sql server 2014 standard in server 2012 r2 i installed sql server 2014 in drive d: i following error: microsoft ssis service: registry setting specifying configuration file not exist. attempting load default config file. simply add c:\program files\microsoft sql server\1?0\dts\binn\msdtssrvr.ini.xml to default reg_sz value in: hkey_local_machine\software\microsoft\microsoft sql server\1?0\ssis\serviceconfigfile where ? replaced matching sql server version
Read more