English
Ask Your Question
2

Virtualbox: Error

asked 2015-03-16 15:55:23 +0000

EdwardK gravatar image

updated 2015-03-17 01:45:36 +0000

mether gravatar image

I am trying to install Virtualbox. All I tried fails. installed from repo, did not work, deleted and tries from Virtualbox.org , also failed. Tried installing kmod packages and did help as well.

sudo /etc/init.d/vboxdrv setup
Stopping VirtualBox kernel modules                         [  OK  ]
Uninstalling old VirtualBox DKMS kernel modules            [  OK  ]
Trying to register the VirtualBox kernel modules using DKMS[  OK  ]
Starting VirtualBox kernel modules                         [FAILED]

modprobe vboxdrv 
modprobe: ERROR: could not insert 'vboxdrv': Operation not permitted

I followed this guide here : http://www.tecmint.com/install-virtualbox-on-redhat-centos-fedora/ and also doesn't work.

uname -r
3.18.9-200.fc21.x86_64

What should I do?

edit retag flag offensive close merge delete

Comments

1

By any chance, do you have Secure Boot enabled?

cgonz31 ( 2015-03-16 16:48:59 +0000 )edit

Also, please don't use hashtags in the question tags.

cgonz31 ( 2015-03-16 16:49:59 +0000 )edit

@cgonz31 sorry, did not notice the hashtag. How do I verify if secure boot is on or not ?

EdwardK ( 2015-03-16 17:20:31 +0000 )edit

@cgonz31 I disabled secure boot and VB seems to load. Thanks

EdwardK ( 2015-03-16 17:34:26 +0000 )edit
1

OK. So disabling Secure Boot worked. I'll post a more complete answer for reference.

cgonz31 ( 2015-03-16 19:16:46 +0000 )edit

1 answer

Sort by ยป oldest newest most voted
3

answered 2015-03-16 19:39:23 +0000

cgonz31 gravatar image

updated 2015-03-19 20:49:59 +0000

I had the same issue some time ago. Apparently, Secure Boot was to blame. VirtualBox needs to load its own kernel modules which are not signed using the Fedora key. So with Secure Boot enabled, the VirtualBox kernel modules will not load and you can't run VMs. See links below:

http://forums.fedoraforum.org/showthread.php?t=297838

https://www.virtualbox.org/ticket/11577

Also make sure you have the latest kernel and make, binutils, gcc, dkms, kernel-headers, kernel-devel, and kernel-modules-extra packages installed. If you have to install any of these, reboot, and reinstall VirtualBox.

The easiest workaround is to disable Secure Boot. To have VirtualBox work in Secure Boot requires some knowledge of working with Secure Boot. You need to sign the VirtualBox kernel module with a key and enroll the key in the firmware as MOK (Machine-Owner Key). I followed the steps in the link below and it worked perfectly:

http://gorka.eguileor.com/category/technology/linux/

Summary:

1) Disable Secure Boot (temporarily) in the firmware, reboot, and register the VirtualBox kernel module with sudo /etc/init.d/vboxdrv setup.

2) Create an X.509 key pair with openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Akrog/". Replace "MOK" with the name of the file you want for the key, if desired. Replace "Akrog" with the common name you want, if desired. This will create a key pair (MOK.der and MOK.priv) in the working directory of the terminal. I keep my keys in the home folder.

3) Optional: Verify no signature in the module with modinfo vboxdrv. Note that no "signer" field is displayed.

4) Sign the module with sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv).

5) Optional: Verify that the module has been signed with modinfo vboxdrv. Note the new fields for "signer" "sig_key" and "sig_hashalgo". Signer should say "Akrog" or whatever common name you chose in Step 2.

6) Import key into firmware as a MOK (Machine Owner Key) with sudo mokutil --import MOK.der. You need to input a password. Reboot. A new screen will appear asking you to enroll a MOK or continue boot. Follow the directions on the screen to enroll the MOK. You need the password you set earlier in this step to do it.

7) The system will automatically reboot after importing the MOK into the firmware. Go to the motherboard firmware and enable Secure Boot. Reboot.

8) Optional: Verify that the key is loaded with sudo keyctl list %:.system_keyring and that it was UEFI who loaded it with dmesg | grep 'EFI: Loaded cert'. You should see your key with "Akrog" as the signer on both commands.

9) Optional: Verify that the VirtualBox kernel module is loaded with sudo systemctl status vboxdrv and that Secure Boot is enabled with mokutil --sb-state.

10) Done! You should be able to run any VMs with Secure Boot enabled now.

Note ... (more)

edit flag offensive delete link more

Comments

I don't get the "signer" "sig_key" and "sig_hashalgo" fields. I'm using Fedora 23

email_ ( 2016-02-21 09:56:37 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Use your votes!

  • Use the 30 daily voting points that you get!
  • Up-vote well framed questions that provide enough information to enable people provide answers.
  • Thank your helpers by up-voting their comments and answers. If a question you asked has been answered, accept the best answer by clicking on the checkbox on the left side of the answer.
  • Down-voting might cost you karma, but you should consider doing so for incorrect or clearly detrimental questions and answers.

Question Tools

Follow
3 followers

Stats

Asked: 2015-03-16 15:55:23 +0000

Seen: 1,603 times

Last updated: Mar 19 '15