VirtualBox

Opened 15 months ago

Last modified 12 months ago

#21854 new defect

VBox version 7+ fails to load signed drivers

Reported by: rocky81 Owned by:
Component: other Version: VirtualBox-7.0.8
Keywords: Cc:
Guest type: all Host type: Linux

Description

I have been using VirtualBox 6.1.30 successfully on Rocky Linux 8 with kernel 4.18.0-372.19.1 for some time now. I wanted to upgrade to VBox 7, but when I did so I got errors about Secure Boot being enabled and needing to sign the driver modules. I had signed the driver modules, but for some reason VirtualBox couldn't recognize this. If I loaded the drivers manually using modprobe, VirtualBox would load fine, but when I didn't load the drivers with modprobe, VirtualBox would always give the same error: "You must sign these kernel modules before using VirtualBox:". I know the drivers are signed because Secure Boot is enabled and modprobe would fail to load them if they weren't signed. I'm not sure why modprobe can load the drivers but VBox can't.

Attachments (1)

vbox.error (3.2 KB ) - added by rocky81 15 months ago.
logs


Change History (3)

by rocky81, 15 months ago

Attachment: vbox.error added

logs

comment:1 by galitsyn, 15 months ago

Hi rocky81,

Your distribution is missing tools we use in order to generate signing keys. rcvboxdrv expects these keys to be in the /var/lib/shim-signed/mok directory. Have you tried to do what the message from the error log suggested?

sudo mkdir -p /var/lib/shim-signed/mok
sudo openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -addext "extendedKeyUsage=codeSigning" -keyout /var/lib/shim-signed/mok/MOK.priv -out /var/lib/shim-signed/mok/MOK.der
sudo mokutil --import /var/lib/shim-signed/mok/MOK.der
sudo reboot

Restart "rcvboxdrv setup" after the system is rebooted.

comment:2 by rocky81, 12 months ago

Hi galitsyn. I didn't do what the error message suggested, because the error message wants me to create a new key. I already have a key which is enrolled in MOK. Your suggestion to put the key in the /var/lib/shim-signed/mok directory was helpful, however, and seems to have resolved the problem. Maybe an update to documentation is in order? The old behavior of VirtualBox was that the existence of signing keys was never checked. An attempt was made to load the drivers, and if that attempt failed an error was generated. Now apparently the existence of keys is being checked and will generate a signing error if keys are not found, even if the drivers are properly signed. This is new.
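The fix described in comment:2, as an added example that is not part of the ticket or of VirtualBox's own scripts: it copies an already enrolled key pair into the directory rcvboxdrv checks, after confirming that the certificate really belongs to the private key. The function names are hypothetical, and the file names MOK.priv and MOK.der are assumed from the commands in comment:1.

```shell
#!/bin/sh
# Added example; not VirtualBox code. Assumption: rcvboxdrv looks for the
# file names MOK.priv and MOK.der used in comment:1 (PEM key, DER certificate).

# pair_matches PRIV DER -> 0 when the DER certificate carries PRIV's public key,
# 1 when it does not, 2 when either file cannot be parsed.
pair_matches() {
    priv_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -inform DER -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$priv_pub" = "$cert_pub" ]
}

# install_existing_mok PRIV DER [DIR] -> copy an existing pair into DIR.
install_existing_mok() {
    priv=$1 der=$2 dir=${3:-/var/lib/shim-signed/mok}
    if ! pair_matches "$priv" "$der"; then
        echo "refusing: cannot confirm that $der is the certificate for $priv" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    # Whoever reads the private key can sign modules the kernel will accept
    # under Secure Boot, so it is readable by its owner only.
    install -m 0600 "$priv" "$dir/MOK.priv" || return 1
    install -m 0644 "$der" "$dir/MOK.der" || return 1
    # Show the enrolment state if mokutil is present; its output is printed as-is.
    if command -v mokutil >/dev/null 2>&1; then
        mokutil --test-key "$dir/MOK.der" || true
    fi
}

# Run as root: sh script.sh /path/to/existing.priv /path/to/existing.der
if [ "$#" -ge 2 ]; then
    install_existing_mok "$@"
fi
```

Run "rcvboxdrv setup" again after the files are in place, as comment:1 describes.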
