|
Bugzilla – Full Text Bug Listing |
| Summary: | Virtualbox doesn't work with secure boot | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Andreas <opendreas> |
| Component: | Virtualization:Other | Assignee: | Larry Rainey <llrainey15> |
| Status: | RESOLVED INVALID | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | charles.denfer |
| Version: | Leap 15.5 | ||
| Target Milestone: | --- | ||
| Hardware: | x86-64 | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Same issue on Leap 15.6. As mentioned in the error message, you need to sign the kernel modules.
This is quite complex, so here is how to do so.
First, you need to create a key that will be used to sign the kernel.
su
mkdir -p /var/lib/shim-signed/mok
openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -addext "extendedKeyUsage=codeSigning" -keyout /var/lib/shim-signed/mok/MOK.priv -out /var/lib/shim-signed/mok/MOK.der
sudo mokutil --import /var/lib/shim-signed/mok/MOK.der
reboot
When rebooting, enroll the new key by typing the password you chose while creating the key.
Then, we will create a script to sign the kernel modules.
su
cd /var/lib/shim-signed/mok
vi sign-vbox
The script should be like this:
#!/bin/bash
for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
echo "Signing $modfile"
/lib/modules/$(uname -r)/build/scripts/sign-file sha256 \
MOK.priv \
MOK.der "$modfile"
done
Then we run it.
chmod 755 sign-vbox
./sign-vbox
reboot
Enjoy virtualbox with secure boot enabled!
|
When secure boot is enabled, the virtual machine does not start. "The virtual machine 'Windows 11' has terminated unexpectedly during startup with exit code 1 (0x1). Result Code: NS_ERROR_FAILURE (0X80004005) Component: MachineWrap Interface: IMachine {300763af-5d6b-46e6-aa96-273eac15538a}" "Kernel driver not installed (rc=-1908) The VirtualBox Linux kernel driver is either not loaded or not set up correctly. Please try setting it up again by executing '/usr/sbin/vboxconfig' as root. If your system has EFI Secure Boot enabled you may also need to sign the kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load them. Please see your Linux system's documentation for more information. where: suplibOsInit what: 3 VERR_VM_DRIVER_NOT_INSTALLED (-1908) - The support driver is not installed. On linux, open returned ENOENT."