Ask Your Question
0

Virtual Box on Fedora 19 fails to start a VM

asked 2013-10-21 20:01:07 -0500

maarten gravatar image

updated 2014-02-15 20:48:56 -0500

mether gravatar image

I installed Virtual Box 4.2 from rpmfusion/free using this command:

yum repository-packages rpmfusion-free install VirtualBox

It installed the dependency kmod-VirtualBox correctly.

# yum list installed | grep VirtualBox
VirtualBox.x86_64              4.2.18-2.fc19        @rpmfusion-free-updates     
kmod-VirtualBox-3.11.4-201.fc19.x86_64.x86_64

However, Virtual Box fails to start a VM:

$ virtualbox
WARNING: The vboxdrv kernel module is not loaded. Either there is no module
         available for the current kernel (3.11.4-201.fc19.x86_64) or it failed to
         load. Please make sure that you have kmod-VirtualBox for current kernel and load the kernel module by executing

           'systemctl restart systemd-modules-load.service' (as root)

         You will not be able to start VMs until this problem is fixed.

When I try to manually load the kernel modules, an error occurs as well:

# systemctl restart systemd-modules-load.service
Job for systemd-modules-load.service failed. See 'systemctl status systemd-modules-load.service' and 'journalctl -xn' for details.

The error is due to a module not being loaded.

# systemctl status systemd-modules-load.service
systemd-modules-load.service - Load Kernel Modules
   Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static)
   Active: failed (Result: exit-code) since Tue 2013-10-22 02:46:44 CEST; 3min 49s ago
     Docs: man:systemd-modules-load.service(8)
           man:modules-load.d(5)
  Process: 1949 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=1/FAILURE)

Oct 22 02:46:44 maarten-acer2 systemd-modules-load[1949]: Failed to insert 'vboxdrv': Required key not available
Oct 22 02:46:44 maarten-acer2 systemd[1]: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE
Oct 22 02:46:44 maarten-acer2 systemd[1]: Failed to start Load Kernel Modules.
Oct 22 02:46:44 maarten-acer2 systemd[1]: Unit systemd-modules-load.service entered failed state.

Finally, it comes down to vboxdrv not being signed by Fedora's key!

# modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available

I think Virtual Box is packaged incorrectly. The kernel modules should have been signed by Fedora's keys.

This problem is closely related to https://ask.fedoraproject.org/question/34443/install-modules-on-uefi-f19-kernel-signature-required/ (my previous question).

edit retag flag offensive close merge delete

Comments

1

Just to be clear, you should not expect third party modules or packages to be signed with Fedora's signing keys.

randomuser gravatar imagerandomuser ( 2013-10-22 01:12:26 -0500 )edit

5 Answers

Sort by ยป oldest newest most voted
1

answered 2014-12-09 16:40:04 -0500

maarten gravatar image

updated 2014-12-09 16:54:50 -0500

With the pending EOL status of Fedora 19, I decided to give this problem another go.

I ended up creating my own public/private key pair and adding the public key to the MOK (Machine-Owner-Key)-chain of shim.

The kernel loads these keys at boot time.

Finally, by signing the kenel module files of virtual box with my private key, I can launch VirtualBox on my EFI system.

1. List currently loaded keys:

$ sudo keyctl list %:.system_keyring
5 keys in keyring:
87094    8     9: ---lswrv  0 0 asymmetric: Fedora kernel signing key: 9a0182fa6694d373f36bde1c99594e0e42ac8f9f
10640     6     48: ---lswrv 0 0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42
23     9    543: ---lswrv 0 0 asymmetric: Acer: c4f0474ae6b5e67a509d99132f49a4ec13f7ac68
3152    52    312: ---lswrv 0 0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
43107    9    814: ---lswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53

These were loaded at kernel boot time:

$ dmesg | grep 'EFI: Loaded cert'
[    0.719111] EFI: Loaded cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' linked to '.system_keyring'
[    0.719120] EFI: Loaded cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' linked to '.system_keyring'
[    0.719149] EFI: Loaded cert 'Acer: c4f0474ae6b5e67a509d99132f49a4ec13f7ac68' linked to '.system_keyring'
[    0.730021] EFI: Loaded cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to '.system_keyring'

2. Create private/public key pair from a configuration file:

a. Create the folder where to put the keys (can be anywhere).

mkdir ~/x509; cd ~/x509

b. Create the configuration file (don't forget to personalize):

$ cat << EOF > configuration_file.config
[ req ]
days = 36500
default_bits = 4096
#specify the section defining the requested distinguished name
distinguished_name = maarten
prompt = no
string_mask = utf8only
#Specify the section that defines extensions to add to a self-signed certificate.
x509_extensions = myexts
encrypt_key = no

[ maarten ]
countryName = be
organizationName = Maarten Inc
commonName = Maarten
emailAddress = maarten@xxx.com

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF

c. Generate the private/public key (store them somewhere safely !!!):

$ openssl req -x509 -new -utf8 -sha256 -batch -config configuration_file.config -outform DER -out public_key.der -keyout private_key.priv

3. In the previous step, you have generated your private/public key pair. We will now add them to the mok list. You will be asked a password. Remember it, as it will be used to confirm the MOK request.

$ sudo mokutil --import my_signing_key_pub.der

4. Reboot the machine

 $ sudo shutdown -r now

5. At boot time, shim.efi will notice the newly added key and will launch MokManager.efi.

MokManager.efi will request to enter your previously entered password.

6. Once booted, your key pair has been succesfully added to the key ring of the kernel.

$ sudo keyctl list %:.system_keyring

6 keys in keyring:
870942879: ---lswrv     0     0 asymmetric: Fedora kernel signing key: 9a0182fa6694d373f36bde1c99594e0e42ac8f9f
1064026748: ---lswrv     0     0 asymmetric: Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42
6557317: ---lswrv     0     0 asymmetric: maarten: Organization signing key: e121670995ff9ea405426aa201e651eee7242316
2399543: ---lswrv     0     0 asymmetric: Acer: c4f0474ae6b5e67a509d99132f49a4ec13f7ac68
315252312: ---lswrv     0     0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
431079814: ---lswrv     0     0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53

7. I ended up signing the ... (more)

edit flag offensive delete link more

Comments

Very cool answer ,we should group this .

sergiomb gravatar imagesergiomb ( 2015-05-28 07:50:23 -0500 )edit

Along with this make sure your Virtualization is enabled in BIOS settings.

Annapoorni gravatar imageAnnapoorni ( 2016-03-30 11:14:33 -0500 )edit
0

answered 2013-10-21 21:24:56 -0500

https://www.virtualbox.org/wiki/Downloads

edit flag offensive delete link more

Comments

The bug will be fix on VirtualBox 4.3

kevin3489 gravatar imagekevin3489 ( 2013-10-21 21:28:03 -0500 )edit
0

answered 2014-10-02 19:14:18 -0500

cgonz31 gravatar image

If you have Secure Boot enabled, the VirtualBox kernel modules will not load because they are not signed with the Fedora key. See the link below for a previous post with details on how to fix this:

https://ask.fedoraproject.org/en/question/54155/virtualbox-not-working-on-fedora-20/

edit flag offensive delete link more
-1

answered 2014-10-02 16:30:33 -0500

n0oir gravatar image

Hi friend, i made a tutorial for install VB in fedora 21,20,19

check my blog >> http://n0oir.wordpress.com/2014/09/30/instalando-virtualbox-4-3-en-fedora-21/

now try this

su -c 'yum -y update kernel'

su -c 'yum install binutils gcc make patch libgomp glibc-headers glibc-devel dkms kernel-devel kernel-headers kernel-modules-extra'

su -c 'yum -y install http://download.virtualbox.org/virtualbox/4.3.14/VirtualBox-4.3-4.3.14_95030_fedora18-1.x86_64.rpm'

usermod -a -G vboxusers $USER

sudo /etc/init.d/vboxdrv setup

but anyway check the status of theses process

su -c 'systemctl status vboxdrv.service'

su -c 'systemctl status vboxautostart-service.service'

su -c 'systemctl status vboxballoonctrl-service.service'

su -c 'systemctl status vboxweb-service.service'

good luck, regards

edit flag offensive delete link more

Comments

You did not answer his question at all. This solution you gave WILL NOT work in a Secure Boot environment like his. His problem is due to the fact that the VirtualBox kernel module will not load without a signed key. Your answer is about installing VirtualBox in a NON-Secure Boot PC.

cgonz31 gravatar imagecgonz31 ( 2014-10-24 21:41:12 -0500 )edit
-1

answered 2014-10-01 12:16:20 -0500

This is due to unsigned Virtual Box kernel module could not load in the UEFI native fedora installation. Download the key from virtual box and import it. wget -q https://www.virtualbox.org/download/oracle_vbox.asc rpm --import oracle_vbox.asc more details in the following link https://www.virtualbox.org/wiki/Linux_Downloads

edit flag offensive delete link more

Comments

That's not the right key. That's the key for the RPM package not for the kernel module.

cgonz31 gravatar imagecgonz31 ( 2014-10-24 21:45:42 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2013-10-21 20:01:07 -0500

Seen: 13,684 times

Last updated: Dec 09 '14