165

I upgrade from Ubuntu 15.10 to 16.04 and since then VirtualBox 5.0.18 isn't starting my VMs anymore. It complains that 'vboxdrv' isn't loaded. So I try to load it and get the following error:

$ sudo modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available

I believe it is related to secure boot which I use and which I want to continue using. Actually with Ubuntu 15.10 secure boot and VirtualBox were working just fine.

Also I tried $ sudo apt-get --reinstall install virtualbox-dkms which built the kernel module successfully but didn't solve this issue.

Any idea how to get vboxdrv loaded while keeping secure boot enabled?

Update 2: Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Also I want to keep UEFI activated for a parallel Windows installation.

Note: If you don't mind disabling secure boot, see Why do I get "Required key not available" when install 3rd party kernel modules or after a kernel upgrade? instead.

Community
  • 1
jans
  • 1,935

9 Answers9

217

Since kernel version 4.4.0-20, it was enforced that unsigned kernel modules will not be allowed to run with Secure Boot enabled. Because you want to keep Secure Boot, then the next logical step is to sign those modules.

So let's try it.

  1. Create signing keys

    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive common name/"

    Option: for additional security, skip the -nodes switch, which will ask for a password. Then before moving on to the next step, make sure to export KBUILD_SIGN_PIN='yourpassword'

  2. Sign the module (vboxdrv for this example, but repeat for other modules in ls $(dirname $(modinfo -n vboxdrv)/vbox*.ko) for full functionality)

    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)

  3. Confirm the module is signed

    tail $(modinfo -n vboxdrv) | grep "Module signature appended"

  4. Register the keys to Secure Boot

    sudo mokutil --import MOK.der

    which will ask for a password to use to confirm the import in the next step. Choose any password you like and remember it.

  5. Reboot and follow instructions displayed on your screen to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.

  6. Confirm the key is enrolled

    mokutil --test-key MOK.der

If VirtualBox still does not load, it may be because the module didn't load (sudo modprobe vboxdrv will fix that) or that the key is not signed. Simply repeat that step and everything should work fine.

Resources: Detailed website article for Fedora and Ubuntu implementation of module signing. @zwets for additional security. @shasha_trn for mentioning all the modules.

Additional resource: I created a bash script for my own use every time virtualbox-dkms upgrades and thus overwrites the signed modules. Check out my vboxsign originally on GitHub.

Flimm
  • 44,031
Majal
  • 8,249
24

I know that this question is too old, but because there is no accepted answer and none of these answers solved the issue in my case, I am writing how I solved this today without disabling the Secure Boot:

When running this command, get this error:

$ sudo modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available

The problem is that the module is not signed and therefore not loaded with the kernel. This will happen if your computer has the SecureBoot mode activated, something very common in modern equipment.

That's why I get this error opening any machine in the virtual box

Kernel driver not installed (rc=-1908)

Do the following steps to sign a driver, and it is loaded as a kernel module, on Ubuntu systems and also on Debian 9:

1. Install the mokutil package to be able to do signed.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install mokutil

2. generate the signature file:

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"

It will display some ASCII characters in the terminal.

3. Then add it to the kernel:

sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)

4. Register it for the Secure Boot.

IMPORTANT! That will ask you for a password, put the one you want, you will only have to use it once in the next reboot.

sudo mokutil --import MOK.der

5. Finally, restart the computer. A blue screen will appear with a keyboard wait, press the key that asks you to interrupt the boot.

enter image description here

When you are inside the blue screen, select

Enroll MOK > Continue > and it will ask you for the password

that you have previously entered (knowing that the keyboard is reset to QWERTY), you will enter it and you will be informed that the operation has been completed successfully.

Now your operating system will start and you can now use VirtualBox without problem :)

Hope this help someone.

Olivier
  • 127
Adriana Hernández
  • 391
20

On my system I did the following to make it work:

Run mokutil:

sudo mokutil --disable-validation

Then mokutil asked me to set a password for the MOK Manager. After rebooting the PC the BIOS showed a dialog to configure the MOK Manager. I disabled SecureBoot from this dialog, it asked for several characters from the password (ie. enter character (5), etc).

After booting up the vboxdrv modules loaded correctly.

lsmod | grep vboxdrv
vboxdrv               454656  3 vboxnetadp,vboxnetflt,vboxpci

Curiously, mokutil still shows SecureBoot is enabled:

sudo mokutil --sb-state
SecureBoot enabled
Pocho
  • 317
4

You can disable the validation check by

sudo apt install mokutil
sudo mokutil --disable-validation

After that DKMS packages should install.

Zanna
  • 72,312
Pilot6
  • 92,041
1

I had this problem with Ubuntu 20.04 (after new install.) I was not running UEFI in bios, and was doing an auto login on Ubuntu.

What fixed it is I changed the auto login to not auto login, and turned UEFI on in bios.

MeSo2
  • 451
0

This worked for me ( build 5.11.0-27-generic )

sudo apt-get autoremove virtualbox-dkms sudo apt-get install virtualbox

it has been recompiled with the new kernel :)

SimoneB
  • 111
0

I got error about vboxdrv after upgrade too. But there was problem with old version (5.0.14) of Oracle VM VirtualBox Extension Pack. I downloaded and installed newer version (5.0.18) of this pack and problem disappeared.

Reling
  • 9
0

I had the same issue today, I had Windows 10 and Ubuntu 15.10 on a dual boot with uefi enabled on Bios (I didn't disable it so I can run the pre-installed Windows).

After upgrading to Ubuntu 16.04 VirtualBox stopped loading my VMs with the same error message:

modprobe: ERROR: could not insert 'vboxdrv': Required key not available

I suspected UEFI issue because while upgrading the installer asked me if I want to disable it, to which I responded No (Because Yes may make my Windows unusable).

What I did is going to Bios and enable support for legacy BIOS boot WITHOUT disabling secure boot.

Virtualbox works fine now.

Update: As @zwets rightly pointed in the comment, enabling legacy modules causes secure boot to be disabled.

Zeine77
  • 91
0

Alright so after a bit of testing I'm pretty sure this is a secure boot issue.

As in if it's enabled then this is thrown:

WARNING: The vboxdrv kernel module is not loaded. Either there is no module available for the current kernel (4.4.0-21-generic) or it failed to load. Please recompile the kernel module and install it by sudo /sbin/rcvboxdrv setup

However if secure boot is disabled then virtualbox loads just fine with no errors.

I still have my bios set as UEFI.

David Haynes
  • 9