Charles Denfer changed bug 1222576
What        Removed  Added
Status      NEW      RESOLVED
Resolution  ---      INVALID
CC                   charles.denfer@gmail.com

Comment # 2 on bug 1222576 from Charles Denfer
As mentioned in the error message, you need to sign the kernel modules.

This is quite complex, so here is how to do so.

First, you need to create a key that will be used to sign the kernel.

su
mkdir -p /var/lib/shim-signed/mok
openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER \
    -addext "extendedKeyUsage=codeSigning" \
    -keyout /var/lib/shim-signed/mok/MOK.priv \
    -out /var/lib/shim-signed/mok/MOK.der
sudo mokutil --import /var/lib/shim-signed/mok/MOK.der
reboot

When rebooting, enroll the new key by typing the password you chose while
creating the key.

Then, we will create a script to sign the kernel modules.

su
cd /var/lib/shim-signed/mok
vi sign-vbox

The script should be like this:

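#!/bin/bash
# Sign every VirtualBox kernel module built for the running kernel.
# MOK.priv and MOK.der are relative paths, so run this from
# /var/lib/shim-signed/mok.

# Directory that holds vboxdrv.ko and the other VirtualBox modules.
moddir="$(dirname "$(modinfo -n vboxdrv)")"

for modfile in "$moddir"/*.ko; do
  echo "Signing $modfile"
  "/lib/modules/$(uname -r)/build/scripts/sign-file" sha256 \
                                MOK.priv \
                                MOK.der "$modfile"
done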

Then we run it.

chmod 755 sign-vbox
./sign-vbox
reboot

Enjoy VirtualBox with Secure Boot enabled!
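
A check that can be run after the sign-vbox step and before rebooting, as an added example that is not part of the original comment: it lists the .ko files in a directory that lack the appended-signature marker. It only detects that a signature is present, not that it verifies against the enrolled MOK; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the bug comment). A signed kernel module ends
# with the fixed 28-byte marker "~Module signature appended~\n".
# Only uncompressed *.ko files are checked, the same set the sign-vbox
# loop covers.

# Hex form of the marker, so the comparison is byte-exact.
expected_hex=$(printf '~Module signature appended~\n' | od -An -tx1 | tr -d ' \n')

# is_signed FILE: return 0 if FILE ends with the signature marker.
is_signed() {
  [ -f "$1" ] || return 1
  actual_hex=$(tail -c 28 "$1" | od -An -tx1 | tr -d ' \n')
  [ "$actual_hex" = "$expected_hex" ]
}

# unsigned_modules DIR: print each DIR/*.ko without the marker.
# Returns 0 when every module is signed, 1 when at least one is not.
unsigned_modules() {
  rc=0
  for mod in "$1"/*.ko; do
    [ -e "$mod" ] || continue        # glob matched nothing
    if ! is_signed "$mod"; then
      printf '%s\n' "$mod"
      rc=1
    fi
  done
  return "$rc"
}

# Stand-alone use, for example:
#   ./check-signed "$(dirname "$(modinfo -n vboxdrv)")"
if [ "$#" -gt 0 ]; then
  if unsigned_modules "$1"; then
    echo "all modules in $1 carry a signature"
  else
    echo "the modules listed above are unsigned" >&2
    exit 1
  fi
fi
```
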

