I started using Centos 8 recently, and I installed VirtualBox to manage my virtual machines, the problem that I encountered with is that my VirtualBox couldn't boot any VMs and it told me to execute this script /sbin/vboxconfig as root, when I run this script the following message appears :
vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: You must sign these kernel modules before using VirtualBox:
vboxdrv vboxnetflt vboxnetadp vboxpci
See the documenatation for your Linux distribution..
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.
TelltheBell
There were problems setting up VirtualBox. To re-start the set-up process, run
/sbin/vboxconfig
as root. If your system is using EFI Secure Boot you may need to sign the
kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load
them. Please see your Linux system's documentation for more information.
Note that my secure boot is enabled. My question is how to sign these kernel modules in Centos 8 ?
Thanks & Best regards, Younes.
Sign virtual box modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) Centos 8
-
- Posts: 3
- Joined: 2021/06/08 14:20:23
Re: Sign virtual box modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) Centos 8
I has the same error on CentOS 7
CentOS 7, Kernel 5.12.8-1.el7.elrepo.x86_64, Virtual Box 6.1 + extension pack
CentOS 7, Kernel 5.12.8-1.el7.elrepo.x86_64, Virtual Box 6.1 + extension pack
-
- Posts: 215
- Joined: 2016/03/16 02:34:19
Re: Sign virtual box modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) Centos 8
Signing the modules is actually fairly simple, but there are a few steps. They are best documented here in the RHEL docs, and if those are inaccessible, here in the Fedora docs. The only challenge I faced was with loading my key into mokutil on the reboot, as there seems to be an issue with ASRock boards not actually loading the UI, so you have to fly blind.
https://access.redhat.com/documentation ... the-kernel
https://docs.fedoraproject.org/en-US/fe ... ecure-boot
The basic process is:
[One Time Task]
1) Generate self-signing certificate
2) Load certificate into mokutil db (which is what the shim bootloader uses, you need to use shim)
3) Reboot and accept the certificate being added
[Kernel/Module Update Task]
4) Sign the kernel modules
5) Reboot or load the modules
I've been signing the NVIDIA kernel modules on my system with this process, and wrote myself a small script to do it for me with each kernel update:
Obviously this would need adjusting for kmods other than NVIDIA's. Please note that the kernel-{ml,lt} packages from ELRepo are not signed for SecureBoot, this may cause issues. You may need to sign the actual kernel itself and its own modules.
Cheers,
Mike
https://access.redhat.com/documentation ... the-kernel
https://docs.fedoraproject.org/en-US/fe ... ecure-boot
The basic process is:
[One Time Task]
1) Generate self-signing certificate
2) Load certificate into mokutil db (which is what the shim bootloader uses, you need to use shim)
3) Reboot and accept the certificate being added
[Kernel/Module Update Task]
4) Sign the kernel modules
5) Reboot or load the modules
I've been signing the NVIDIA kernel modules on my system with this process, and wrote myself a small script to do it for me with each kernel update:
Code: Select all
#!/bin/bash
kernel="$1"
for module in $(find /usr/lib/modules/$kernel/extra/nvidia -type f -name "*.ko")
do
echo "Signing $module ..."
/usr/src/kernels/$kernel/scripts/sign-file sha256 /path/to/mykey.priv /path/to/mykey.der $module
done
Cheers,
Mike
Solution Architect @RedHat | RHCE
Former SysAdmin @BlueSkyStudios and @Pixar
Feature animation and VFX enthusiast
--
Report CentOS Stream 8 bugs: https://da.gd/c8s-bugs
Report CentOS Stream 9 bugs: https://da.gd/c9s-bugs
Former SysAdmin @BlueSkyStudios and @Pixar
Feature animation and VFX enthusiast
--
Report CentOS Stream 8 bugs: https://da.gd/c8s-bugs
Report CentOS Stream 9 bugs: https://da.gd/c9s-bugs
Re: Sign virtual box modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) Centos 8
As an alternative to signing the modules one could disable "Secure Boot" in BIOS/UEFI.
German speaking forum for Fedora and CentOS: https://www.fedoraforum.de/
Re: Sign virtual box modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) Centos 8
If you are dual booting with windows 11 you have no more choice than secure boot.
CentOs 8 to RHEL 8 migrated