[Bug 1222576] New: Virtualbox doesn't work with secure boot
https://bugzilla.suse.com/show_bug.cgi?id=1222576 Bug ID: 1222576 Summary: Virtualbox doesn't work with secure boot Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Other Assignee: virt-bugs@suse.de Reporter: opendreas@gmail.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- When secure boot is enabled, the virtual machine does not start. "The virtual machine 'Windows 11' has terminated unexpectedly during startup with exit code 1 (0x1). Result Code: NS_ERROR_FAILURE (0X80004005) Component: MachineWrap Interface: IMachine {300763af-5d6b-46e6-aa96-273eac15538a}" "Kernel driver not installed (rc=-1908) The VirtualBox Linux kernel driver is either not loaded or not set up correctly. Please try setting it up again by executing '/usr/sbin/vboxconfig' as root. If your system has EFI Secure Boot enabled you may also need to sign the kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load them. Please see your Linux system's documentation for more information. where: suplibOsInit what: 3 VERR_VM_DRIVER_NOT_INSTALLED (-1908) - The support driver is not installed. On linux, open returned ENOENT." -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1222576 https://bugzilla.suse.com/show_bug.cgi?id=1222576#c1 --- Comment #1 from Andreas <opendreas@gmail.com> --- Same issue on Leap 15.6. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1222576 https://bugzilla.suse.com/show_bug.cgi?id=1222576#c2 Charles Denfer <charles.denfer@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID CC| |charles.denfer@gmail.com --- Comment #2 from Charles Denfer <charles.denfer@gmail.com> --- As mentioned in the error message, you need to sign the kernel modules. This is quite complex, so here is how to do so. First, you need to create a key that will be used to sign the kernel. su mkdir -p /var/lib/shim-signed/mok openssl req -nodes -new -x509 -newkey rsa:2048 -outform DER -addext "extendedKeyUsage=codeSigning" -keyout /var/lib/shim-signed/mok/MOK.priv -out /var/lib/shim-signed/mok/MOK.der sudo mokutil --import /var/lib/shim-signed/mok/MOK.der reboot When rebooting, enroll the new key by typing the password you chose while creating the key. Then, we will create a script to sign the kernel modules. su cd /var/lib/shim-signed/mok vi sign-vbox The script should be like this: #!/bin/bash for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do echo "Signing $modfile" /lib/modules/$(uname -r)/build/scripts/sign-file sha256 \ MOK.priv \ MOK.der "$modfile" done Then we run it. chmod 755 sign-vbox ./sign-vbox reboot Enjoy virtualbox with secure boot enabled! -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com