Opened 15 months ago
Last modified 12 months ago
#21854 new defect
VBox version 7+ fails to load signed drivers
Reported by: | rocky81 | Owned by: | |
---|---|---|---|
Component: | other | Version: | VirtualBox-7.0.8 |
Keywords: | | Cc: | |
Guest type: | all | Host type: | Linux |
Description
I have been using VirtualBox 6.1.30 successfully on Rocky Linux 8 with kernel 4.18.0-372.19.1 for some time now. I wanted to upgrade to VBox 7, but when I did so I got errors about Secure Boot being enabled and needing to sign the driver modules. I had signed the driver modules, but for some reason VirtualBox couldn't recognize this. If I loaded the drivers manually using modprobe, VirtualBox would load fine, but when I didn't load the drivers with modprobe, VirtualBox would always give the same error: "You must sign these kernel modules before using VirtualBox:" I know the drivers are signed because Secure Boot is enabled and modprobe would fail to load them if they weren't signed. I'm not sure why modprobe can load the drivers but VBox can't.
Attachments (1)
Change History (3)
by , 15 months ago
Attachment: | vbox.error added |
---|
comment:1 by , 15 months ago
Hi rocky81,
Your distribution is missing tools we use in order to generate signing keys. rcvboxdrv expects these keys to be in the /var/lib/shim-signed/mok directory. Have you tried to do what the message from the error log suggested?

    sudo mkdir -p /var/lib/shim-signed/mok
    sudo openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -addext "extendedKeyUsage=codeSigning" -keyout /var/lib/shim-signed/mok/MOK.priv -out /var/lib/shim-signed/mok/MOK.der
    sudo mokutil --import /var/lib/shim-signed/mok/MOK.der
    sudo reboot

Restart "rcvboxdrv setup" after system is rebooted
comment:2 by , 12 months ago
Hi galitsyn. I didn't do what the error message suggested, because the error message wants me to create a new key. I already have a key which is enrolled in MOK. Your suggestion to put the key in the /var/lib/shim-signed/mok directory was helpful, however, and seems to have resolved the problem. Maybe an update to documentation is in order? The old behavior of VirtualBox was that the existence of signing keys was never checked. An attempt was made to load the drivers and if that attempt failed an error was generated. Now apparently the existence of keys is being checked and will generate a signing error if keys are not found even if the drivers are properly signed. This is new.
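Added example, not part of the ticket and not VirtualBox's own code: a small diagnostic that separates the two conditions this thread ran together, whether the module is signed and whether a key pair sits in the directory named in comment:1. The function names and the three-way diagnosis are assumptions made for illustration; the path and the file names MOK.priv and MOK.der are the ones quoted in the thread.

```shell
#!/bin/sh
# Added diagnostic sketch; not VirtualBox's own code.
MOK_DIR=/var/lib/shim-signed/mok   # directory named in comment:1

# mok_files_state DIR -> "present", "partial" or "missing"
# File names are the ones in the openssl command quoted in the ticket.
mok_files_state() {
    have=0
    if [ -s "$1/MOK.priv" ]; then have=$((have + 1)); fi
    if [ -s "$1/MOK.der" ]; then have=$((have + 1)); fi
    case $have in
        2) echo present ;;
        1) echo partial ;;
        *) echo missing ;;
    esac
}

# explain SB_STATE SIGNER FILES -> one-line diagnosis (hypothetical helper)
#   SB_STATE enabled|disabled, SIGNER module signer ("" if unsigned),
#   FILES    output of mok_files_state
explain() {
    if [ "$1" != enabled ]; then
        echo "secure-boot-off: Secure Boot is not reported as enabled"
    elif [ -z "$2" ]; then
        echo "unsigned: module carries no signature"
    elif [ "$3" != present ]; then
        echo "signed-but-keys-not-found: module is signed, key pair is not in the expected directory"
    else
        echo "ok: module is signed and the key pair is in the expected directory"
    fi
}

# Gather the three inputs on a live host (needs mokutil and modinfo).
diagnose_host() {
    sb=disabled
    if mokutil --sb-state 2>/dev/null | grep -q 'SecureBoot enabled'; then
        sb=enabled
    fi
    signer=$(modinfo -F signer vboxdrv 2>/dev/null || true)
    explain "$sb" "$signer" "$(mok_files_state "${1:-$MOK_DIR}")"
}

# Run against the host only when asked: sh thisfile --host [DIR]
if [ "${1:-}" = --host ]; then diagnose_host "${2:-}"; fi
```

A result of signed-but-keys-not-found matches the situation the reporter describes: modprobe accepts the module while the key files are absent from /var/lib/shim-signed/mok.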