Ask Your Question
2

Virtualbox: Error

asked 2015-03-16 10:55:23 -0500

EdwardK gravatar image

updated 2015-03-16 20:45:36 -0500

mether gravatar image

I am trying to install Virtualbox. All I tried fails. installed from repo, did not work, deleted and tries from Virtualbox.org , also failed. Tried installing kmod packages and did help as well.

sudo /etc/init.d/vboxdrv setup
Stopping VirtualBox kernel modules                         [  OK  ]
Uninstalling old VirtualBox DKMS kernel modules            [  OK  ]
Trying to register the VirtualBox kernel modules using DKMS[  OK  ]
Starting VirtualBox kernel modules                         [FAILED]

modprobe vboxdrv 
modprobe: ERROR: could not insert 'vboxdrv': Operation not permitted

I followed this guide here : http://www.tecmint.com/install-virtualbox-on-redhat-centos-fedora/ and also doesn't work.

uname -r
3.18.9-200.fc21.x86_64

What should I do?

edit retag flag offensive close merge delete

Comments

1

By any chance, do you have Secure Boot enabled?

cgonz31 gravatar imagecgonz31 ( 2015-03-16 11:48:59 -0500 )edit

Also, please don't use hashtags in the question tags.

cgonz31 gravatar imagecgonz31 ( 2015-03-16 11:49:59 -0500 )edit

@cgonz31 sorry, did not notice the hashtag. How do I verify if secure boot is on or not ?

EdwardK gravatar imageEdwardK ( 2015-03-16 12:20:31 -0500 )edit

@cgonz31 I disabled secure boot and VB seems to load. Thanks

EdwardK gravatar imageEdwardK ( 2015-03-16 12:34:26 -0500 )edit
1

OK. So disabling Secure Boot worked. I'll post a more complete answer for reference.

cgonz31 gravatar imagecgonz31 ( 2015-03-16 14:16:46 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
3

answered 2015-03-16 14:39:23 -0500

cgonz31 gravatar image

updated 2015-03-19 15:49:59 -0500

I had the same issue some time ago. Apparently, Secure Boot was to blame. VirtualBox needs to load its own kernel modules which are not signed using the Fedora key. So with Secure Boot enabled, the VirtualBox kernel modules will not load and you can't run VMs. See links below:

http://forums.fedoraforum.org/showthread.php?t=297838

https://www.virtualbox.org/ticket/11577

Also make sure you have the latest kernel and make, binutils, gcc, dkms, kernel-headers, kernel-devel, and kernel-modules-extra packages installed. If you have to install any of these, reboot, and reinstall VirtualBox.

The easiest workaround is to disable Secure Boot. To have VirtualBox work in Secure Boot requires some knowledge of working with Secure Boot. You need to sign the VirtualBox kernel module with a key and enroll the key in the firmware as MOK (Machine-Owner Key). I followed the steps in the link below and it worked perfectly:

http://gorka.eguileor.com/category/technology/linux/

Summary:

1) Disable Secure Boot (temporarily) in the firmware, reboot, and register the VirtualBox kernel module with sudo /etc/init.d/vboxdrv setup.

2) Create an X.509 key pair with openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Akrog/". Replace "MOK" with the name of the file you want for the key, if desired. Replace "Akrog" with the common name you want, if desired. This will create a key pair (MOK.der and MOK.priv) in the working directory of the terminal. I keep my keys in the home folder.

3) Optional: Verify no signature in the module with modinfo vboxdrv. Note that no "signer" field is displayed.

4) Sign the module with sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv).

5) Optional: Verify that the module has been signed with modinfo vboxdrv. Note the new fields for "signer" "sig_key" and "sig_hashalgo". Signer should say "Akrog" or whatever common name you chose in Step 2.

6) Import key into firmware as a MOK (Machine Owner Key) with sudo mokutil --import MOK.der. You need to input a password. Reboot. A new screen will appear asking you to enroll a MOK or continue boot. Follow the directions on the screen to enroll the MOK. You need the password you set earlier in this step to do it.

7) The system will automatically reboot after importing the MOK into the firmware. Go to the motherboard firmware and enable Secure Boot. Reboot.

8) Optional: Verify that the key is loaded with sudo keyctl list %:.system_keyring and that it was UEFI who loaded it with dmesg | grep 'EFI: Loaded cert'. You should see your key with "Akrog" as the signer on both commands.

9) Optional: Verify that the VirtualBox kernel module is loaded with sudo systemctl status vboxdrv and that Secure Boot is enabled with mokutil --sb-state.

10) Done! You should be able to run any VMs with Secure Boot enabled now.

Note ... (more)

edit flag offensive delete link more

Comments

I don't get the "signer" "sig_key" and "sig_hashalgo" fields. I'm using Fedora 23

email_ gravatar imageemail_ ( 2016-02-21 03:56:37 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

3 followers

Stats

Asked: 2015-03-16 10:55:23 -0500

Seen: 1,993 times

Last updated: Mar 19 '15