Could not load 'vboxdrv' after upgrade to Ubuntu 16.04 (and I want to keep secure boot)Virtualbox: Loading of unsigned modules is restrictedVirtualbox issueCan't start vboxdrv serviceVirtualBox Setup on Ubuntu 14.04I'm running the latest Ubuntu 16.10, and can't get Virtualbox to launch VMsVirtualbox always shows an error on starting a VM. (It's working on my Windows 10 but not on Ubuntu 18.04)dkms problem with VirtualBox kernel registration after 15.10 to 16.04 upgradeVirtualBox Installation gives message “modprobe vboxdrv” failedWhy do I get “Required key not available” when install 3rd party kernel modules or after a kernel upgrade?Can't view Wifi networks after upgrading to Ubuntu 16.04Why do I get “Required key not available” when install 3rd party kernel modules or after a kernel upgrade?Unable to disable secure boot with mokutil in 16.04Could not load vboxdrv in Ubuntu 14.04 (and I want to keep secure boot)Can't sign vboxdrv, mokutil thinks Secure Boot is not supported yet it isCannot enroll keys due to Shim IEFI Key Management not showing up after rebootMok Management Will Not Load on BootUpgraded to 17.10, now VirtualBox won't work. Flying blindUbuntu 16.04: VirtualBox Error: Kernel driver not installed (rc=-1908)Enrolling MOK certificate with dkms and virtualbox-dkms (Virtualbox with secure boot enabled)virtual box kernel not found (ubuntu 16.04, vbox 5.02)

Could the museum Saturn V's be refitted for one more flight?

How do I gain back my faith in my PhD degree?

ssTTsSTtRrriinInnnnNNNIiinngg

How can saying a song's name be a copyright violation?

Assassin's bullet with mercury

Should I tell management that I intend to leave due to bad software development practices?

Is it inappropriate for a student to attend their mentor's dissertation defense?

Which is the best way to check return result?

Short story with a alien planet, government officials must wear exploding medallions

Are there any examples of a variable being normally distributed that is *not* due to the Central Limit Theorem?

How dangerous is XSS?

How do conventional missiles fly?

What does “the session was packed” mean in this context?

Am I breaking OOP practice with this architecture?

Why would the Red Woman birth a shadow if she worshipped the Lord of the Light?

GFCI outlets - can they be repaired? Are they really needed at the end of a circuit?

What killed these X2 caps?

Can my sorcerer use a spellbook only to collect spells and scribe scrolls, not cast?

Why was the shrinking from 8″ made only to 5.25″ and not smaller (4″ or less)?

Ambiguity in the definition of entropy

Why do bosons tend to occupy the same state?

Mathematica command that allows it to read my intentions

How can I deal with my CEO asking me to hire someone with a higher salary than me, a co-founder?

How do I deal with an unproductive colleague in a small company?



Could not load 'vboxdrv' after upgrade to Ubuntu 16.04 (and I want to keep secure boot)


Virtualbox: Loading of unsigned modules is restrictedVirtualbox issueCan't start vboxdrv serviceVirtualBox Setup on Ubuntu 14.04I'm running the latest Ubuntu 16.10, and can't get Virtualbox to launch VMsVirtualbox always shows an error on starting a VM. (It's working on my Windows 10 but not on Ubuntu 18.04)dkms problem with VirtualBox kernel registration after 15.10 to 16.04 upgradeVirtualBox Installation gives message “modprobe vboxdrv” failedWhy do I get “Required key not available” when install 3rd party kernel modules or after a kernel upgrade?Can't view Wifi networks after upgrading to Ubuntu 16.04Why do I get “Required key not available” when install 3rd party kernel modules or after a kernel upgrade?Unable to disable secure boot with mokutil in 16.04Could not load vboxdrv in Ubuntu 14.04 (and I want to keep secure boot)Can't sign vboxdrv, mokutil thinks Secure Boot is not supported yet it isCannot enroll keys due to Shim IEFI Key Management not showing up after rebootMok Management Will Not Load on BootUpgraded to 17.10, now VirtualBox won't work. Flying blindUbuntu 16.04: VirtualBox Error: Kernel driver not installed (rc=-1908)Enrolling MOK certificate with dkms and virtualbox-dkms (Virtualbox with secure boot enabled)virtual box kernel not found (ubuntu 16.04, vbox 5.02)













118















I upgrade from Ubuntu 15.10 to 16.04 and since then VirtualBox 5.0.18 isn't starting my VMs anymore. It complains that 'vboxdrv' isn't loaded. So I try to load it and get the following error:



$ sudo modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I believe it is related to secure boot which I use and which I want to continue using. Actually with Ubuntu 15.10 secure boot and VirtualBox were working just fine.



Also I tried $ sudo apt-get --reinstall install virtualbox-dkms which built the kernel module successfully but didn't solve this issue.



Any idea how to get vboxdrv loaded while keeping secure boot enabled?



Update 2: Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Also I want to keep UEFI activated for a parallel Windows installation.



Note: If you don't mind disabling secure boot, see Why do I get "Required key not available" when install 3rd party kernel modules or after a kernel upgrade? instead.






kernel virtualbox 16.04 secure-boot dkms







share|improve this question



















  • 3





    See askubuntu.com/questions/762254/…

    – Pilot6
    Apr 25 '16 at 7:55











  • Though this question is a duplicate of askubuntu.com/questions/762254/…, that question does not feature the answer given by @Majal below.

    – zwets
    May 9 '16 at 9:20











  • Step by step guide: stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail

    – Dušan Maďar
    Oct 24 '17 at 15:23















118















I upgrade from Ubuntu 15.10 to 16.04 and since then VirtualBox 5.0.18 isn't starting my VMs anymore. It complains that 'vboxdrv' isn't loaded. So I try to load it and get the following error:



$ sudo modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I believe it is related to secure boot which I use and which I want to continue using. Actually with Ubuntu 15.10 secure boot and VirtualBox were working just fine.



Also I tried $ sudo apt-get --reinstall install virtualbox-dkms which built the kernel module successfully but didn't solve this issue.



Any idea how to get vboxdrv loaded while keeping secure boot enabled?



Update 2: Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Also I want to keep UEFI activated for a parallel Windows installation.



Note: If you don't mind disabling secure boot, see Why do I get "Required key not available" when install 3rd party kernel modules or after a kernel upgrade? instead.






kernel virtualbox 16.04 secure-boot dkms







share|improve this question



















  • 3





    See askubuntu.com/questions/762254/…

    – Pilot6
    Apr 25 '16 at 7:55











  • Though this question is a duplicate of askubuntu.com/questions/762254/…, that question does not feature the answer given by @Majal below.

    – zwets
    May 9 '16 at 9:20











  • Step by step guide: stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail

    – Dušan Maďar
    Oct 24 '17 at 15:23













118












118








118


109






I upgrade from Ubuntu 15.10 to 16.04 and since then VirtualBox 5.0.18 isn't starting my VMs anymore. It complains that 'vboxdrv' isn't loaded. So I try to load it and get the following error:



$ sudo modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I believe it is related to secure boot which I use and which I want to continue using. Actually with Ubuntu 15.10 secure boot and VirtualBox were working just fine.



Also I tried $ sudo apt-get --reinstall install virtualbox-dkms which built the kernel module successfully but didn't solve this issue.



Any idea how to get vboxdrv loaded while keeping secure boot enabled?



Update 2: Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Also I want to keep UEFI activated for a parallel Windows installation.



Note: If you don't mind disabling secure boot, see Why do I get "Required key not available" when install 3rd party kernel modules or after a kernel upgrade? instead.






kernel virtualbox 16.04 secure-boot dkms







share|improve this question
















I upgrade from Ubuntu 15.10 to 16.04 and since then VirtualBox 5.0.18 isn't starting my VMs anymore. It complains that 'vboxdrv' isn't loaded. So I try to load it and get the following error:



$ sudo modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I believe it is related to secure boot which I use and which I want to continue using. Actually with Ubuntu 15.10 secure boot and VirtualBox were working just fine.



Also I tried $ sudo apt-get --reinstall install virtualbox-dkms which built the kernel module successfully but didn't solve this issue.



Any idea how to get vboxdrv loaded while keeping secure boot enabled?



Update 2: Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Also I want to keep UEFI activated for a parallel Windows installation.



Note: If you don't mind disabling secure boot, see Why do I get "Required key not available" when install 3rd party kernel modules or after a kernel upgrade? instead.






kernel virtualbox 16.04 secure-boot dkms




kernel virtualbox 16.04 secure-boot dkms






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 13 '17 at 12:23









Community

1




1










asked Apr 22 '16 at 16:10









jansjans

7733611




7733611







  • 3





    See askubuntu.com/questions/762254/…

    – Pilot6
    Apr 25 '16 at 7:55











  • Though this question is a duplicate of askubuntu.com/questions/762254/…, that question does not feature the answer given by @Majal below.

    – zwets
    May 9 '16 at 9:20











  • Step by step guide: stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail

    – Dušan Maďar
    Oct 24 '17 at 15:23












  • 3





    See askubuntu.com/questions/762254/…

    – Pilot6
    Apr 25 '16 at 7:55











  • Though this question is a duplicate of askubuntu.com/questions/762254/…, that question does not feature the answer given by @Majal below.

    – zwets
    May 9 '16 at 9:20











  • Step by step guide: stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail

    – Dušan Maďar
    Oct 24 '17 at 15:23







3




3





See askubuntu.com/questions/762254/…

– Pilot6
Apr 25 '16 at 7:55





See askubuntu.com/questions/762254/…

– Pilot6
Apr 25 '16 at 7:55













Though this question is a duplicate of askubuntu.com/questions/762254/…, that question does not feature the answer given by @Majal below.

– zwets
May 9 '16 at 9:20





Though this question is a duplicate of askubuntu.com/questions/762254/…, that question does not feature the answer given by @Majal below.

– zwets
May 9 '16 at 9:20













Step by step guide: stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail

– Dušan Maďar
Oct 24 '17 at 15:23





Step by step guide: stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail

– Dušan Maďar
Oct 24 '17 at 15:23










6 Answers
6






active

oldest

votes


















158














Since kernel version 4.4.0-20, it was enforced that unsigned kernel modules will not be allowed to run with Secure Boot enabled. Because you want to keep Secure Boot, then the next logical step is to sign those modules.



So let's try it.




  1. Create signing keys



    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive common name/"


    Option: for additional security, skip the -nodes switch, which will ask for a password. Then before moving on to the next step, make sure to export KBUILD_SIGN_PIN='yourpassword'




  2. Sign the module (vboxdrv for this example, but repeat for other modules in ls $(dirname $(modinfo -n vboxdrv))/vbox*.ko) for full functionality)



    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)



  3. Confirm the module is signed



    tail $(modinfo -n vboxdrv) | grep "Module signature appended"



  4. Register the keys to Secure Boot



    sudo mokutil --import MOK.der


    which will ask for a password to use to confirm the import in the next step.



  5. Reboot and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.



  6. Confirm the key is enrolled



    mokutil --test-key MOK.der


If VirtualBox still does not load, it may be because the module didn't load (sudo modprobe vboxdrv will fix that) or that the key is not signed. Simply repeat that step and everything should work fine.



Resources: Detailed website article for Fedora and Ubuntu implementation of module signing. @zwets for additional security. @shasha_trn for mentioning all the modules.



Additional resource: I created a bash script for my own use every time virtualbox-dkms upgrades and thus overwrites the signed modules. Check out my vboxsign originally on GitHub.






share|improve this answer




















  • 7





    I also signed vboxnetadp, vboxnetflt, vboxpci modules to have network and pass throw pci devices in virtual machines.

    – sasha_trn
    May 7 '16 at 19:40






  • 3





    Extending @majal's answer, I had to execute sudo apt install --reinstall virtualbox-dkms before following the instructions provided.

    – TylersSN
    Jun 13 '16 at 20:28






  • 1





    @zwets could you possibly elaborate on how to properly set the KBUILD_SIGN_PIN environmental variable? export KBUILD_SIGN_PIN=password and export KBUILD_SIGN_PIN="password" before step 2 both resulted in SSL error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read: pem_pkey.c:117

    – adempewolff
    Jul 9 '16 at 6:32






  • 3





    @adempewolff If you password contains characters that your shell will interpret (e.g. '$' in a quoted string), you will need to enclose it in apostrophes (').

    – zwets
    Jul 11 '16 at 8:54






  • 1





    @Majal Thank you for your answer! I also favour signing the modules instead of disabling the feature. I can add: (1) This does also apply to VMware modules "vmmon" and "vmnet", which share the same fate. (2) While adding your created keys, choose your password wisely. During the reboot and secure-boot enrollment phase, your keyboard layout might differ from your locale settings. (-> US-Layout)

    – one-mb
    Aug 7 '16 at 21:13



















14














On my system I did the following to make it work:



Run mokutil:



sudo mokutil --disable-validation


Then mokutil asked me to set a password for the MOK Manager.
After rebooting the PC the BIOS showed a dialog to configure the MOK Manager.
I disabled SecureBoot from this dialog, it asked for several characters from the password (ie. enter character (5), etc).



After booting up the vboxdrv modules loaded correctly.



lsmod | grep vboxdrv
vboxdrv 454656 3 vboxnetadp,vboxnetflt,vboxpci


Curiously, mokutil still shows SecureBoot is enabled:



sudo mokutil --sb-state
SecureBoot enabled





share|improve this answer


















  • 5





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:30






  • 1





    Didn't want to disable secure boot but in the end had to do this since nothing else would work - don't want to start signing things manually every time a kernel update comes.. Pity this is the only easy solution forward. Btw, UEFI still says secure boot is enabled. ¯_(ツ)_/¯

    – jaywink
    May 18 '16 at 8:42


















4














You can disable the validation check by



sudo apt install mokutil
sudo mokutil --disable-validation


After that DKMS packages should install.






share|improve this answer




















  • 2





    Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Please let me know in case I misunderstood this command.

    – jans
    Apr 26 '16 at 18:28






  • 2





    Try to disable secure boot. You can enable it back, if that does not help.

    – Pilot6
    Apr 26 '16 at 22:02











  • I tried to disable secure boot - but it is still enabled :( (ubuntu 18.04)

    – xhudik
    Oct 2 '18 at 9:45


















0














I got error about vboxdrv after upgrade too. But there was problem with old version (5.0.14) of Oracle VM VirtualBox Extension Pack. I downloaded and installed newer version (5.0.18) of this pack and problem disappeared.






share|improve this answer

























  • Hey, could you please elaborate? Where did you download it from? PPA or deb file?

    – Karthik Nishanth
    Apr 23 '16 at 4:34






  • 1





    I downloaded Extension pack from downloads on VirtualBox site, link is "VirtualBox 5.0.18 Oracle VM VirtualBox Extension Pack -> All supported platforms". Then I opened File > Preferences on Oracle VM Virtual Box Manager, selected "Extensions", and added downloaded file to list. It replaced old version of "Oracle VM VirtualBox Extension Pack" (was 5.0.14rxxxxxx).

    – Reling
    Apr 24 '16 at 7:11












  • Extension pack doesnt rectify the error. The error is about signing the module

    – Karthik Nishanth
    Apr 25 '16 at 15:43












  • This doesn't apply to my problem.

    – jans
    Apr 26 '16 at 18:24






  • 1





    This is unrelated to the problem of the OP. The error message "Required key not available" indicates that the issue is due to an unsigned kernel module on a Secure Boot enabled platform. No VirtualBox update can fix this unless it includes a module signed using a key trusted by the kernel. I.e. either Canonical must sign it, or Oracle must sign it and its public key must be added to the kernel's (or your platform's) trusted keys.

    – zwets
    May 9 '16 at 8:04


















0














Alright so after a bit of testing I'm pretty sure this is a secure boot issue.



As in if it's enabled then this is thrown:




WARNING: The vboxdrv kernel module is not loaded. Either there is no module
available for the current kernel (4.4.0-21-generic) or it failed to
load. Please recompile the kernel module and install it by sudo /sbin/rcvboxdrv setup




However if secure boot is disabled then virtualbox loads just fine with no errors.



I still have my bios set as UEFI.






share|improve this answer


















  • 3





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:25


















0














I had the same issue today, I had Windows 10 and Ubuntu 15.10 on a dual boot with uefi enabled on Bios (I didn't disable it so I can run the pre-installed Windows).



After upgrading to Ubuntu 16.04 VirtualBox stopped loading my VMs with the same error message:



modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I suspected UEFI issue because while upgrading the installer asked me if I want to disable it, to which I responded No (Because Yes may make my Windows unusable).



What I did is going to Bios and enable support for legacy BIOS boot WITHOUT disabling secure boot.



Virtualbox works fine now.



Update: As @zwets rightly pointed in the comment, enabling legacy modules causes secure boot to be disabled.






share|improve this answer




















  • 2





    Actually I also need UEFI to boot a parallel Windows installation. So disabling it isn't an option for me either. I updated my question accordingly.

    – jans
    Apr 26 '16 at 18:26











  • Have you enabled Support for legacy BIOS modules? This is another option in UEFI bios, different than secure boot.

    – Zeine77
    Apr 26 '16 at 18:50






  • 1





    @Zeine77 can you verify that your BIOS allows enabling "legacy modules" while Secure Boot remains enabled? This is highly unlikely, as the first option allows untrusted code to run in kernel space, which defeats the purpose of the second.

    – zwets
    May 9 '16 at 8:11












  • @zwets you are right, I just checked my bios settings; and enabling legacy modules caused secure boot to be disabled. I assumed, as explained in the response, that disabling secure boot would cause Windows 10 boot to fail, this isn't the case. When I first installed 15.10 (Months ago) I took care to not disable secure boot as this would damage Win 10 installation. Does this mean that the pre installed Win 10 works fine with secure mode disabled ?

    – Zeine77
    May 10 '16 at 2:22









protected by Community Jul 24 '16 at 13:17



Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



Would you like to answer one of these unanswered questions instead?














6 Answers
6






active

oldest

votes








6 Answers
6






active

oldest

votes









active

oldest

votes






active

oldest

votes









158














Since kernel version 4.4.0-20, it was enforced that unsigned kernel modules will not be allowed to run with Secure Boot enabled. Because you want to keep Secure Boot, then the next logical step is to sign those modules.



So let's try it.




  1. Create signing keys



    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive common name/"


    Option: for additional security, skip the -nodes switch, which will ask for a password. Then before moving on to the next step, make sure to export KBUILD_SIGN_PIN='yourpassword'




  2. Sign the module (vboxdrv for this example, but repeat for other modules in ls $(dirname $(modinfo -n vboxdrv))/vbox*.ko) for full functionality)



    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)



  3. Confirm the module is signed



    tail $(modinfo -n vboxdrv) | grep "Module signature appended"



  4. Register the keys to Secure Boot



    sudo mokutil --import MOK.der


    which will ask for a password to use to confirm the import in the next step.



  5. Reboot and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.



  6. Confirm the key is enrolled



    mokutil --test-key MOK.der


If VirtualBox still does not load, it may be because the module didn't load (sudo modprobe vboxdrv will fix that) or that the key is not signed. Simply repeat that step and everything should work fine.



Resources: Detailed website article for Fedora and Ubuntu implementation of module signing. @zwets for additional security. @shasha_trn for mentioning all the modules.



Additional resource: I created a bash script for my own use every time virtualbox-dkms upgrades and thus overwrites the signed modules. Check out my vboxsign originally on GitHub.






share|improve this answer




















  • 7





    I also signed vboxnetadp, vboxnetflt, vboxpci modules to have network and pass throw pci devices in virtual machines.

    – sasha_trn
    May 7 '16 at 19:40






  • 3





    Extending @majal's answer, I had to execute sudo apt install --reinstall virtualbox-dkms before following the instructions provided.

    – TylersSN
    Jun 13 '16 at 20:28






  • 1





    @zwets could you possibly elaborate on how to properly set the KBUILD_SIGN_PIN environmental variable? export KBUILD_SIGN_PIN=password and export KBUILD_SIGN_PIN="password" before step 2 both resulted in SSL error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read: pem_pkey.c:117

    – adempewolff
    Jul 9 '16 at 6:32






  • 3





    @adempewolff If you password contains characters that your shell will interpret (e.g. '$' in a quoted string), you will need to enclose it in apostrophes (').

    – zwets
    Jul 11 '16 at 8:54






  • 1





    @Majal Thank you for your answer! I also favour signing the modules instead of disabling the feature. I can add: (1) This does also apply to VMware modules "vmmon" and "vmnet", which share the same fate. (2) While adding your created keys, choose your password wisely. During the reboot and secure-boot enrollment phase, your keyboard layout might differ from your locale settings. (-> US-Layout)

    – one-mb
    Aug 7 '16 at 21:13
















158














Since kernel version 4.4.0-20, it was enforced that unsigned kernel modules will not be allowed to run with Secure Boot enabled. Because you want to keep Secure Boot, then the next logical step is to sign those modules.



So let's try it.




  1. Create signing keys



    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive common name/"


    Option: for additional security, skip the -nodes switch, which will ask for a password. Then before moving on to the next step, make sure to export KBUILD_SIGN_PIN='yourpassword'




  2. Sign the module (vboxdrv for this example, but repeat for other modules in ls $(dirname $(modinfo -n vboxdrv))/vbox*.ko) for full functionality)



    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)



  3. Confirm the module is signed



    tail $(modinfo -n vboxdrv) | grep "Module signature appended"



  4. Register the keys to Secure Boot



    sudo mokutil --import MOK.der


    which will ask for a password to use to confirm the import in the next step.



  5. Reboot and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.



  6. Confirm the key is enrolled



    mokutil --test-key MOK.der


If VirtualBox still does not load, it may be because the module didn't load (sudo modprobe vboxdrv will fix that) or that the key is not signed. Simply repeat that step and everything should work fine.



Resources: Detailed website article for Fedora and Ubuntu implementation of module signing. @zwets for additional security. @shasha_trn for mentioning all the modules.



Additional resource: I created a bash script for my own use every time virtualbox-dkms upgrades and thus overwrites the signed modules. Check out my vboxsign originally on GitHub.






share|improve this answer




















  • 7





    I also signed vboxnetadp, vboxnetflt, vboxpci modules to have network and pass throw pci devices in virtual machines.

    – sasha_trn
    May 7 '16 at 19:40






  • 3





    Extending @majal's answer, I had to execute sudo apt install --reinstall virtualbox-dkms before following the instructions provided.

    – TylersSN
    Jun 13 '16 at 20:28






  • 1





    @zwets could you possibly elaborate on how to properly set the KBUILD_SIGN_PIN environmental variable? export KBUILD_SIGN_PIN=password and export KBUILD_SIGN_PIN="password" before step 2 both resulted in SSL error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read: pem_pkey.c:117

    – adempewolff
    Jul 9 '16 at 6:32






  • 3





    @adempewolff If you password contains characters that your shell will interpret (e.g. '$' in a quoted string), you will need to enclose it in apostrophes (').

    – zwets
    Jul 11 '16 at 8:54






  • 1





    @Majal Thank you for your answer! I also favour signing the modules instead of disabling the feature. I can add: (1) This does also apply to VMware modules "vmmon" and "vmnet", which share the same fate. (2) While adding your created keys, choose your password wisely. During the reboot and secure-boot enrollment phase, your keyboard layout might differ from your locale settings. (-> US-Layout)

    – one-mb
    Aug 7 '16 at 21:13














158












158








158







Since kernel version 4.4.0-20, it was enforced that unsigned kernel modules will not be allowed to run with Secure Boot enabled. Because you want to keep Secure Boot, then the next logical step is to sign those modules.



So let's try it.




  1. Create signing keys



    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive common name/"


    Option: for additional security, skip the -nodes switch, which will ask for a password. Then before moving on to the next step, make sure to export KBUILD_SIGN_PIN='yourpassword'




  2. Sign the module (vboxdrv for this example, but repeat for other modules in ls $(dirname $(modinfo -n vboxdrv))/vbox*.ko) for full functionality)



    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)



  3. Confirm the module is signed



    tail $(modinfo -n vboxdrv) | grep "Module signature appended"



  4. Register the keys to Secure Boot



    sudo mokutil --import MOK.der


    which will ask for a password to use to confirm the import in the next step.



  5. Reboot and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.



  6. Confirm the key is enrolled



    mokutil --test-key MOK.der


If VirtualBox still does not load, it may be because the module didn't load (sudo modprobe vboxdrv will fix that) or that the key is not signed. Simply repeat that step and everything should work fine.



Resources: Detailed website article for Fedora and Ubuntu implementation of module signing. @zwets for additional security. @shasha_trn for mentioning all the modules.



Additional resource: I created a bash script for my own use every time virtualbox-dkms upgrades and thus overwrites the signed modules. Check out my vboxsign originally on GitHub.






share|improve this answer















Since kernel version 4.4.0-20, it was enforced that unsigned kernel modules will not be allowed to run with Secure Boot enabled. Because you want to keep Secure Boot, then the next logical step is to sign those modules.



So let's try it.




  1. Create signing keys



    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive common name/"


    Option: for additional security, skip the -nodes switch, which will ask for a password. Then before moving on to the next step, make sure to export KBUILD_SIGN_PIN='yourpassword'




  2. Sign the module (vboxdrv for this example, but repeat for other modules in ls $(dirname $(modinfo -n vboxdrv))/vbox*.ko) for full functionality)



    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)



  3. Confirm the module is signed



    tail $(modinfo -n vboxdrv) | grep "Module signature appended"



  4. Register the keys to Secure Boot



    sudo mokutil --import MOK.der


    which will ask for a password to use to confirm the import in the next step.



  5. Reboot and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.



  6. Confirm the key is enrolled



    mokutil --test-key MOK.der


If VirtualBox still does not load, it may be because the module didn't load (sudo modprobe vboxdrv will fix that) or that the key is not signed. Simply repeat that step and everything should work fine.



Resources: Detailed website article for Fedora and Ubuntu implementation of module signing. @zwets for additional security. @shasha_trn for mentioning all the modules.



Additional resource: I created a bash script for my own use every time virtualbox-dkms upgrades and thus overwrites the signed modules. Check out my vboxsign originally on GitHub.







share|improve this answer














share|improve this answer



share|improve this answer








edited 47 mins ago

























answered May 6 '16 at 5:57









MajalMajal

4,81532234




4,81532234







  • 7





    I also signed vboxnetadp, vboxnetflt, vboxpci modules to have network and pass throw pci devices in virtual machines.

    – sasha_trn
    May 7 '16 at 19:40






  • 3





    Extending @majal's answer, I had to execute sudo apt install --reinstall virtualbox-dkms before following the instructions provided.

    – TylersSN
    Jun 13 '16 at 20:28






  • 1





    @zwets could you possibly elaborate on how to properly set the KBUILD_SIGN_PIN environmental variable? export KBUILD_SIGN_PIN=password and export KBUILD_SIGN_PIN="password" before step 2 both resulted in SSL error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read: pem_pkey.c:117

    – adempewolff
    Jul 9 '16 at 6:32






  • 3





    @adempewolff If you password contains characters that your shell will interpret (e.g. '$' in a quoted string), you will need to enclose it in apostrophes (').

    – zwets
    Jul 11 '16 at 8:54






  • 1





    @Majal Thank you for your answer! I also favour signing the modules instead of disabling the feature. I can add: (1) This does also apply to VMware modules "vmmon" and "vmnet", which share the same fate. (2) While adding your created keys, choose your password wisely. During the reboot and secure-boot enrollment phase, your keyboard layout might differ from your locale settings. (-> US-Layout)

    – one-mb
    Aug 7 '16 at 21:13













  • 7





    I also signed vboxnetadp, vboxnetflt, vboxpci modules to have network and pass throw pci devices in virtual machines.

    – sasha_trn
    May 7 '16 at 19:40






  • 3





    Extending @majal's answer, I had to execute sudo apt install --reinstall virtualbox-dkms before following the instructions provided.

    – TylersSN
    Jun 13 '16 at 20:28






  • 1





    @zwets could you possibly elaborate on how to properly set the KBUILD_SIGN_PIN environmental variable? export KBUILD_SIGN_PIN=password and export KBUILD_SIGN_PIN="password" before step 2 both resulted in SSL error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read: pem_pkey.c:117

    – adempewolff
    Jul 9 '16 at 6:32






  • 3





    @adempewolff If you password contains characters that your shell will interpret (e.g. '$' in a quoted string), you will need to enclose it in apostrophes (').

    – zwets
    Jul 11 '16 at 8:54






  • 1





    @Majal Thank you for your answer! I also favour signing the modules instead of disabling the feature. I can add: (1) This does also apply to VMware modules "vmmon" and "vmnet", which share the same fate. (2) While adding your created keys, choose your password wisely. During the reboot and secure-boot enrollment phase, your keyboard layout might differ from your locale settings. (-> US-Layout)

    – one-mb
    Aug 7 '16 at 21:13








7




7





I also signed vboxnetadp, vboxnetflt, vboxpci modules to have network and pass throw pci devices in virtual machines.

– sasha_trn
May 7 '16 at 19:40





I also signed vboxnetadp, vboxnetflt, vboxpci modules to have network and pass throw pci devices in virtual machines.

– sasha_trn
May 7 '16 at 19:40




3




3





Extending @majal's answer, I had to execute sudo apt install --reinstall virtualbox-dkms before following the instructions provided.

– TylersSN
Jun 13 '16 at 20:28





Extending @majal's answer, I had to execute sudo apt install --reinstall virtualbox-dkms before following the instructions provided.

– TylersSN
Jun 13 '16 at 20:28




1




1





@zwets could you possibly elaborate on how to properly set the KBUILD_SIGN_PIN environmental variable? export KBUILD_SIGN_PIN=password and export KBUILD_SIGN_PIN="password" before step 2 both resulted in SSL error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read: pem_pkey.c:117

– adempewolff
Jul 9 '16 at 6:32





@zwets could you possibly elaborate on how to properly set the KBUILD_SIGN_PIN environmental variable? export KBUILD_SIGN_PIN=password and export KBUILD_SIGN_PIN="password" before step 2 both resulted in SSL error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read: pem_pkey.c:117

– adempewolff
Jul 9 '16 at 6:32




3




3





@adempewolff If you password contains characters that your shell will interpret (e.g. '$' in a quoted string), you will need to enclose it in apostrophes (').

– zwets
Jul 11 '16 at 8:54





@adempewolff If you password contains characters that your shell will interpret (e.g. '$' in a quoted string), you will need to enclose it in apostrophes (').

– zwets
Jul 11 '16 at 8:54




1




1





@Majal Thank you for your answer! I also favour signing the modules instead of disabling the feature. I can add: (1) This does also apply to VMware modules "vmmon" and "vmnet", which share the same fate. (2) While adding your created keys, choose your password wisely. During the reboot and secure-boot enrollment phase, your keyboard layout might differ from your locale settings. (-> US-Layout)

– one-mb
Aug 7 '16 at 21:13






@Majal Thank you for your answer! I also favour signing the modules instead of disabling the feature. I can add: (1) This does also apply to VMware modules "vmmon" and "vmnet", which share the same fate. (2) While adding your created keys, choose your password wisely. During the reboot and secure-boot enrollment phase, your keyboard layout might differ from your locale settings. (-> US-Layout)

– one-mb
Aug 7 '16 at 21:13














14














On my system I did the following to make it work:



Run mokutil:



sudo mokutil --disable-validation


Then mokutil asked me to set a password for the MOK Manager.
After rebooting the PC the BIOS showed a dialog to configure the MOK Manager.
I disabled SecureBoot from this dialog, it asked for several characters from the password (ie. enter character (5), etc).



After booting up the vboxdrv modules loaded correctly.



lsmod | grep vboxdrv
vboxdrv 454656 3 vboxnetadp,vboxnetflt,vboxpci


Curiously, mokutil still shows SecureBoot is enabled:



sudo mokutil --sb-state
SecureBoot enabled





share|improve this answer


















  • 5





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:30






  • 1





    Didn't want to disable secure boot but in the end had to do this since nothing else would work - don't want to start signing things manually every time a kernel update comes.. Pity this is the only easy solution forward. Btw, UEFI still says secure boot is enabled. ¯_(ツ)_/¯

    – jaywink
    May 18 '16 at 8:42















14














On my system I did the following to make it work:



Run mokutil:



sudo mokutil --disable-validation


Then mokutil asked me to set a password for the MOK Manager.
After rebooting the PC the BIOS showed a dialog to configure the MOK Manager.
I disabled SecureBoot from this dialog, it asked for several characters from the password (ie. enter character (5), etc).



After booting up the vboxdrv modules loaded correctly.



lsmod | grep vboxdrv
vboxdrv 454656 3 vboxnetadp,vboxnetflt,vboxpci


Curiously, mokutil still shows SecureBoot is enabled:



sudo mokutil --sb-state
SecureBoot enabled





share|improve this answer


















  • 5





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:30






  • 1





    Didn't want to disable secure boot but in the end had to do this since nothing else would work - don't want to start signing things manually every time a kernel update comes.. Pity this is the only easy solution forward. Btw, UEFI still says secure boot is enabled. ¯_(ツ)_/¯

    – jaywink
    May 18 '16 at 8:42













14












14








14







On my system I did the following to make it work:



Run mokutil:



sudo mokutil --disable-validation


Then mokutil asked me to set a password for the MOK Manager.
After rebooting the PC the BIOS showed a dialog to configure the MOK Manager.
I disabled SecureBoot from this dialog, it asked for several characters from the password (ie. enter character (5), etc).



After booting up the vboxdrv modules loaded correctly.



lsmod | grep vboxdrv
vboxdrv 454656 3 vboxnetadp,vboxnetflt,vboxpci


Curiously, mokutil still shows SecureBoot is enabled:



sudo mokutil --sb-state
SecureBoot enabled





share|improve this answer













On my system I did the following to make it work:



Run mokutil:



sudo mokutil --disable-validation


Then mokutil asked me to set a password for the MOK Manager.
After rebooting the PC the BIOS showed a dialog to configure the MOK Manager.
I disabled SecureBoot from this dialog, it asked for several characters from the password (ie. enter character (5), etc).



After booting up the vboxdrv modules loaded correctly.



lsmod | grep vboxdrv
vboxdrv 454656 3 vboxnetadp,vboxnetflt,vboxpci


Curiously, mokutil still shows SecureBoot is enabled:



sudo mokutil --sb-state
SecureBoot enabled






share|improve this answer












share|improve this answer



share|improve this answer










answered Apr 26 '16 at 16:16









PochoPocho

1573




1573







  • 5





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:30






  • 1





    Didn't want to disable secure boot but in the end had to do this since nothing else would work - don't want to start signing things manually every time a kernel update comes.. Pity this is the only easy solution forward. Btw, UEFI still says secure boot is enabled. ¯_(ツ)_/¯

    – jaywink
    May 18 '16 at 8:42












  • 5





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:30






  • 1





    Didn't want to disable secure boot but in the end had to do this since nothing else would work - don't want to start signing things manually every time a kernel update comes.. Pity this is the only easy solution forward. Btw, UEFI still says secure boot is enabled. ¯_(ツ)_/¯

    – jaywink
    May 18 '16 at 8:42







5




5





As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

– jans
Apr 26 '16 at 18:30





As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

– jans
Apr 26 '16 at 18:30




1




1





Didn't want to disable secure boot but in the end had to do this since nothing else would work - don't want to start signing things manually every time a kernel update comes.. Pity this is the only easy solution forward. Btw, UEFI still says secure boot is enabled. ¯_(ツ)_/¯

– jaywink
May 18 '16 at 8:42





Didn't want to disable secure boot but in the end had to do this since nothing else would work - don't want to start signing things manually every time a kernel update comes.. Pity this is the only easy solution forward. Btw, UEFI still says secure boot is enabled. ¯_(ツ)_/¯

– jaywink
May 18 '16 at 8:42











4














You can disable the validation check by



sudo apt install mokutil
sudo mokutil --disable-validation


After that DKMS packages should install.






share|improve this answer




















  • 2





    Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Please let me know in case I misunderstood this command.

    – jans
    Apr 26 '16 at 18:28






  • 2





    Try to disable secure boot. You can enable it back, if that does not help.

    – Pilot6
    Apr 26 '16 at 22:02











  • I tried to disable secure boot - but it is still enabled :( (ubuntu 18.04)

    – xhudik
    Oct 2 '18 at 9:45















4














You can disable the validation check by



sudo apt install mokutil
sudo mokutil --disable-validation


After that DKMS packages should install.






share|improve this answer




















  • 2





    Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Please let me know in case I misunderstood this command.

    – jans
    Apr 26 '16 at 18:28






  • 2





    Try to disable secure boot. You can enable it back, if that does not help.

    – Pilot6
    Apr 26 '16 at 22:02











  • I tried to disable secure boot - but it is still enabled :( (ubuntu 18.04)

    – xhudik
    Oct 2 '18 at 9:45













4












4








4







You can disable the validation check by



sudo apt install mokutil
sudo mokutil --disable-validation


After that DKMS packages should install.






share|improve this answer















You can disable the validation check by



sudo apt install mokutil
sudo mokutil --disable-validation


After that DKMS packages should install.







share|improve this answer














share|improve this answer



share|improve this answer








edited Sep 28 '16 at 6:28









Zanna

51.2k13139243




51.2k13139243










answered Apr 25 '16 at 7:39









Pilot6Pilot6

53.8k15110198




53.8k15110198







  • 2





    Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Please let me know in case I misunderstood this command.

    – jans
    Apr 26 '16 at 18:28






  • 2





    Try to disable secure boot. You can enable it back, if that does not help.

    – Pilot6
    Apr 26 '16 at 22:02











  • I tried to disable secure boot - but it is still enabled :( (ubuntu 18.04)

    – xhudik
    Oct 2 '18 at 9:45












  • 2





    Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Please let me know in case I misunderstood this command.

    – jans
    Apr 26 '16 at 18:28






  • 2





    Try to disable secure boot. You can enable it back, if that does not help.

    – Pilot6
    Apr 26 '16 at 22:02











  • I tried to disable secure boot - but it is still enabled :( (ubuntu 18.04)

    – xhudik
    Oct 2 '18 at 9:45







2




2





Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Please let me know in case I misunderstood this command.

– jans
Apr 26 '16 at 18:28





Also I tried executing sudo mokutil --disable-validation. When executing this command, during the next boot I get prompted to disable secure boot, add a key or hash from disk. Since I don't want to disable secure boot, it seems that this doesn't solve my issue either. Please let me know in case I misunderstood this command.

– jans
Apr 26 '16 at 18:28




2




2





Try to disable secure boot. You can enable it back, if that does not help.

– Pilot6
Apr 26 '16 at 22:02





Try to disable secure boot. You can enable it back, if that does not help.

– Pilot6
Apr 26 '16 at 22:02













I tried to disable secure boot - but it is still enabled :( (ubuntu 18.04)

– xhudik
Oct 2 '18 at 9:45





I tried to disable secure boot - but it is still enabled :( (ubuntu 18.04)

– xhudik
Oct 2 '18 at 9:45











0














I got error about vboxdrv after upgrade too. But there was problem with old version (5.0.14) of Oracle VM VirtualBox Extension Pack. I downloaded and installed newer version (5.0.18) of this pack and problem disappeared.






share|improve this answer

























  • Hey, could you please elaborate? Where did you download it from? PPA or deb file?

    – Karthik Nishanth
    Apr 23 '16 at 4:34






  • 1





    I downloaded Extension pack from downloads on VirtualBox site, link is "VirtualBox 5.0.18 Oracle VM VirtualBox Extension Pack -> All supported platforms". Then I opened File > Preferences on Oracle VM Virtual Box Manager, selected "Extensions", and added downloaded file to list. It replaced old version of "Oracle VM VirtualBox Extension Pack" (was 5.0.14rxxxxxx).

    – Reling
    Apr 24 '16 at 7:11












  • Extension pack doesnt rectify the error. The error is about signing the module

    – Karthik Nishanth
    Apr 25 '16 at 15:43












  • This doesn't apply to my problem.

    – jans
    Apr 26 '16 at 18:24






  • 1





    This is unrelated to the problem of the OP. The error message "Required key not available" indicates that the issue is due to an unsigned kernel module on a Secure Boot enabled platform. No VirtualBox update can fix this unless it includes a module signed using a key trusted by the kernel. I.e. either Canonical must sign it, or Oracle must sign it and its public key must be added to the kernel's (or your platform's) trusted keys.

    – zwets
    May 9 '16 at 8:04















0














I got error about vboxdrv after upgrade too. But there was problem with old version (5.0.14) of Oracle VM VirtualBox Extension Pack. I downloaded and installed newer version (5.0.18) of this pack and problem disappeared.






share|improve this answer

























  • Hey, could you please elaborate? Where did you download it from? PPA or deb file?

    – Karthik Nishanth
    Apr 23 '16 at 4:34






  • 1





    I downloaded Extension pack from downloads on VirtualBox site, link is "VirtualBox 5.0.18 Oracle VM VirtualBox Extension Pack -> All supported platforms". Then I opened File > Preferences on Oracle VM Virtual Box Manager, selected "Extensions", and added downloaded file to list. It replaced old version of "Oracle VM VirtualBox Extension Pack" (was 5.0.14rxxxxxx).

    – Reling
    Apr 24 '16 at 7:11












  • Extension pack doesnt rectify the error. The error is about signing the module

    – Karthik Nishanth
    Apr 25 '16 at 15:43












  • This doesn't apply to my problem.

    – jans
    Apr 26 '16 at 18:24






  • 1





    This is unrelated to the problem of the OP. The error message "Required key not available" indicates that the issue is due to an unsigned kernel module on a Secure Boot enabled platform. No VirtualBox update can fix this unless it includes a module signed using a key trusted by the kernel. I.e. either Canonical must sign it, or Oracle must sign it and its public key must be added to the kernel's (or your platform's) trusted keys.

    – zwets
    May 9 '16 at 8:04













0












0








0







I got error about vboxdrv after upgrade too. But there was problem with old version (5.0.14) of Oracle VM VirtualBox Extension Pack. I downloaded and installed newer version (5.0.18) of this pack and problem disappeared.






share|improve this answer















I got error about vboxdrv after upgrade too. But there was problem with old version (5.0.14) of Oracle VM VirtualBox Extension Pack. I downloaded and installed newer version (5.0.18) of this pack and problem disappeared.







share|improve this answer














share|improve this answer



share|improve this answer








edited Apr 22 '16 at 22:48

























answered Apr 22 '16 at 22:41









RelingReling

92




92












  • Hey, could you please elaborate? Where did you download it from? PPA or deb file?

    – Karthik Nishanth
    Apr 23 '16 at 4:34






  • 1





    I downloaded Extension pack from downloads on VirtualBox site, link is "VirtualBox 5.0.18 Oracle VM VirtualBox Extension Pack -> All supported platforms". Then I opened File > Preferences on Oracle VM Virtual Box Manager, selected "Extensions", and added downloaded file to list. It replaced old version of "Oracle VM VirtualBox Extension Pack" (was 5.0.14rxxxxxx).

    – Reling
    Apr 24 '16 at 7:11












  • Extension pack doesnt rectify the error. The error is about signing the module

    – Karthik Nishanth
    Apr 25 '16 at 15:43












  • This doesn't apply to my problem.

    – jans
    Apr 26 '16 at 18:24






  • 1





    This is unrelated to the problem of the OP. The error message "Required key not available" indicates that the issue is due to an unsigned kernel module on a Secure Boot enabled platform. No VirtualBox update can fix this unless it includes a module signed using a key trusted by the kernel. I.e. either Canonical must sign it, or Oracle must sign it and its public key must be added to the kernel's (or your platform's) trusted keys.

    – zwets
    May 9 '16 at 8:04

















  • Hey, could you please elaborate? Where did you download it from? PPA or deb file?

    – Karthik Nishanth
    Apr 23 '16 at 4:34






  • 1





    I downloaded Extension pack from downloads on VirtualBox site, link is "VirtualBox 5.0.18 Oracle VM VirtualBox Extension Pack -> All supported platforms". Then I opened File > Preferences on Oracle VM Virtual Box Manager, selected "Extensions", and added downloaded file to list. It replaced old version of "Oracle VM VirtualBox Extension Pack" (was 5.0.14rxxxxxx).

    – Reling
    Apr 24 '16 at 7:11












  • Extension pack doesnt rectify the error. The error is about signing the module

    – Karthik Nishanth
    Apr 25 '16 at 15:43












  • This doesn't apply to my problem.

    – jans
    Apr 26 '16 at 18:24






  • 1





    This is unrelated to the problem of the OP. The error message "Required key not available" indicates that the issue is due to an unsigned kernel module on a Secure Boot enabled platform. No VirtualBox update can fix this unless it includes a module signed using a key trusted by the kernel. I.e. either Canonical must sign it, or Oracle must sign it and its public key must be added to the kernel's (or your platform's) trusted keys.

    – zwets
    May 9 '16 at 8:04
















Hey, could you please elaborate? Where did you download it from? PPA or deb file?

– Karthik Nishanth
Apr 23 '16 at 4:34





Hey, could you please elaborate? Where did you download it from? PPA or deb file?

– Karthik Nishanth
Apr 23 '16 at 4:34




1




1





I downloaded Extension pack from downloads on VirtualBox site, link is "VirtualBox 5.0.18 Oracle VM VirtualBox Extension Pack -> All supported platforms". Then I opened File > Preferences on Oracle VM Virtual Box Manager, selected "Extensions", and added downloaded file to list. It replaced old version of "Oracle VM VirtualBox Extension Pack" (was 5.0.14rxxxxxx).

– Reling
Apr 24 '16 at 7:11






I downloaded Extension pack from downloads on VirtualBox site, link is "VirtualBox 5.0.18 Oracle VM VirtualBox Extension Pack -> All supported platforms". Then I opened File > Preferences on Oracle VM Virtual Box Manager, selected "Extensions", and added downloaded file to list. It replaced old version of "Oracle VM VirtualBox Extension Pack" (was 5.0.14rxxxxxx).

– Reling
Apr 24 '16 at 7:11














Extension pack doesnt rectify the error. The error is about signing the module

– Karthik Nishanth
Apr 25 '16 at 15:43






Extension pack doesnt rectify the error. The error is about signing the module

– Karthik Nishanth
Apr 25 '16 at 15:43














This doesn't apply to my problem.

– jans
Apr 26 '16 at 18:24





This doesn't apply to my problem.

– jans
Apr 26 '16 at 18:24




1




1





This is unrelated to the problem of the OP. The error message "Required key not available" indicates that the issue is due to an unsigned kernel module on a Secure Boot enabled platform. No VirtualBox update can fix this unless it includes a module signed using a key trusted by the kernel. I.e. either Canonical must sign it, or Oracle must sign it and its public key must be added to the kernel's (or your platform's) trusted keys.

– zwets
May 9 '16 at 8:04





This is unrelated to the problem of the OP. The error message "Required key not available" indicates that the issue is due to an unsigned kernel module on a Secure Boot enabled platform. No VirtualBox update can fix this unless it includes a module signed using a key trusted by the kernel. I.e. either Canonical must sign it, or Oracle must sign it and its public key must be added to the kernel's (or your platform's) trusted keys.

– zwets
May 9 '16 at 8:04











0














Alright so after a bit of testing I'm pretty sure this is a secure boot issue.



As in if it's enabled then this is thrown:




WARNING: The vboxdrv kernel module is not loaded. Either there is no module
available for the current kernel (4.4.0-21-generic) or it failed to
load. Please recompile the kernel module and install it by sudo /sbin/rcvboxdrv setup




However if secure boot is disabled then virtualbox loads just fine with no errors.



I still have my bios set as UEFI.






share|improve this answer


















  • 3





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:25















0














Alright so after a bit of testing I'm pretty sure this is a secure boot issue.



As in if it's enabled then this is thrown:




WARNING: The vboxdrv kernel module is not loaded. Either there is no module
available for the current kernel (4.4.0-21-generic) or it failed to
load. Please recompile the kernel module and install it by sudo /sbin/rcvboxdrv setup




However if secure boot is disabled then virtualbox loads just fine with no errors.



I still have my bios set as UEFI.






share|improve this answer


















  • 3





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:25













0












0








0







Alright so after a bit of testing I'm pretty sure this is a secure boot issue.



As in if it's enabled then this is thrown:




WARNING: The vboxdrv kernel module is not loaded. Either there is no module
available for the current kernel (4.4.0-21-generic) or it failed to
load. Please recompile the kernel module and install it by sudo /sbin/rcvboxdrv setup




However if secure boot is disabled then virtualbox loads just fine with no errors.



I still have my bios set as UEFI.






share|improve this answer













Alright so after a bit of testing I'm pretty sure this is a secure boot issue.



As in if it's enabled then this is thrown:




WARNING: The vboxdrv kernel module is not loaded. Either there is no module
available for the current kernel (4.4.0-21-generic) or it failed to
load. Please recompile the kernel module and install it by sudo /sbin/rcvboxdrv setup




However if secure boot is disabled then virtualbox loads just fine with no errors.



I still have my bios set as UEFI.







share|improve this answer












share|improve this answer



share|improve this answer










answered Apr 23 '16 at 16:22









David HaynesDavid Haynes

91




91







  • 3





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:25












  • 3





    As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

    – jans
    Apr 26 '16 at 18:25







3




3





As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

– jans
Apr 26 '16 at 18:25





As stated in my question, I want to continue using secure boot. So disabling secure boot doesn't solve the issue.

– jans
Apr 26 '16 at 18:25











0














I had the same issue today, I had Windows 10 and Ubuntu 15.10 on a dual boot with uefi enabled on Bios (I didn't disable it so I can run the pre-installed Windows).



After upgrading to Ubuntu 16.04 VirtualBox stopped loading my VMs with the same error message:



modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I suspected UEFI issue because while upgrading the installer asked me if I want to disable it, to which I responded No (Because Yes may make my Windows unusable).



What I did is going to Bios and enable support for legacy BIOS boot WITHOUT disabling secure boot.



Virtualbox works fine now.



Update: As @zwets rightly pointed in the comment, enabling legacy modules causes secure boot to be disabled.






share|improve this answer




















  • 2





    Actually I also need UEFI to boot a parallel Windows installation. So disabling it isn't an option for me either. I updated my question accordingly.

    – jans
    Apr 26 '16 at 18:26











  • Have you enabled Support for legacy BIOS modules? This is another option in UEFI bios, different than secure boot.

    – Zeine77
    Apr 26 '16 at 18:50






  • 1





    @Zeine77 can you verify that your BIOS allows enabling "legacy modules" while Secure Boot remains enabled? This is highly unlikely, as the first option allows untrusted code to run in kernel space, which defeats the purpose of the second.

    – zwets
    May 9 '16 at 8:11












  • @zwets you are right, I just checked my bios settings; and enabling legacy modules caused secure boot to be disabled. I assumed, as explained in the response, that disabling secure boot would cause Windows 10 boot to fail, this isn't the case. When I first installed 15.10 (Months ago) I took care to not disable secure boot as this would damage Win 10 installation. Does this mean that the pre installed Win 10 works fine with secure mode disabled ?

    – Zeine77
    May 10 '16 at 2:22















0














I had the same issue today, I had Windows 10 and Ubuntu 15.10 on a dual boot with uefi enabled on Bios (I didn't disable it so I can run the pre-installed Windows).



After upgrading to Ubuntu 16.04 VirtualBox stopped loading my VMs with the same error message:



modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I suspected UEFI issue because while upgrading the installer asked me if I want to disable it, to which I responded No (Because Yes may make my Windows unusable).



What I did is going to Bios and enable support for legacy BIOS boot WITHOUT disabling secure boot.



Virtualbox works fine now.



Update: As @zwets rightly pointed in the comment, enabling legacy modules causes secure boot to be disabled.






share|improve this answer




















  • 2





    Actually I also need UEFI to boot a parallel Windows installation. So disabling it isn't an option for me either. I updated my question accordingly.

    – jans
    Apr 26 '16 at 18:26











  • Have you enabled Support for legacy BIOS modules? This is another option in UEFI bios, different than secure boot.

    – Zeine77
    Apr 26 '16 at 18:50






  • 1





    @Zeine77 can you verify that your BIOS allows enabling "legacy modules" while Secure Boot remains enabled? This is highly unlikely, as the first option allows untrusted code to run in kernel space, which defeats the purpose of the second.

    – zwets
    May 9 '16 at 8:11












  • @zwets you are right, I just checked my bios settings; and enabling legacy modules caused secure boot to be disabled. I assumed, as explained in the response, that disabling secure boot would cause Windows 10 boot to fail, this isn't the case. When I first installed 15.10 (Months ago) I took care to not disable secure boot as this would damage Win 10 installation. Does this mean that the pre installed Win 10 works fine with secure mode disabled ?

    – Zeine77
    May 10 '16 at 2:22













0












0








0







I had the same issue today, I had Windows 10 and Ubuntu 15.10 on a dual boot with uefi enabled on Bios (I didn't disable it so I can run the pre-installed Windows).



After upgrading to Ubuntu 16.04 VirtualBox stopped loading my VMs with the same error message:



modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I suspected UEFI issue because while upgrading the installer asked me if I want to disable it, to which I responded No (Because Yes may make my Windows unusable).



What I did is going to Bios and enable support for legacy BIOS boot WITHOUT disabling secure boot.



Virtualbox works fine now.



Update: As @zwets rightly pointed in the comment, enabling legacy modules causes secure boot to be disabled.






share|improve this answer















I had the same issue today, I had Windows 10 and Ubuntu 15.10 on a dual boot with uefi enabled on Bios (I didn't disable it so I can run the pre-installed Windows).



After upgrading to Ubuntu 16.04 VirtualBox stopped loading my VMs with the same error message:



modprobe: ERROR: could not insert 'vboxdrv': Required key not available


I suspected UEFI issue because while upgrading the installer asked me if I want to disable it, to which I responded No (Because Yes may make my Windows unusable).



What I did is going to Bios and enable support for legacy BIOS boot WITHOUT disabling secure boot.



Virtualbox works fine now.



Update: As @zwets rightly pointed in the comment, enabling legacy modules causes secure boot to be disabled.







share|improve this answer














share|improve this answer



share|improve this answer








edited May 10 '16 at 2:14

























answered Apr 22 '16 at 23:23









Zeine77Zeine77

468




468







  • 2





    Actually I also need UEFI to boot a parallel Windows installation. So disabling it isn't an option for me either. I updated my question accordingly.

    – jans
    Apr 26 '16 at 18:26











  • Have you enabled Support for legacy BIOS modules? This is another option in UEFI bios, different than secure boot.

    – Zeine77
    Apr 26 '16 at 18:50






  • 1





    @Zeine77 can you verify that your BIOS allows enabling "legacy modules" while Secure Boot remains enabled? This is highly unlikely, as the first option allows untrusted code to run in kernel space, which defeats the purpose of the second.

    – zwets
    May 9 '16 at 8:11












  • @zwets you are right, I just checked my bios settings; and enabling legacy modules caused secure boot to be disabled. I assumed, as explained in the response, that disabling secure boot would cause Windows 10 boot to fail, this isn't the case. When I first installed 15.10 (Months ago) I took care to not disable secure boot as this would damage Win 10 installation. Does this mean that the pre installed Win 10 works fine with secure mode disabled ?

    – Zeine77
    May 10 '16 at 2:22












  • 2





    Actually I also need UEFI to boot a parallel Windows installation. So disabling it isn't an option for me either. I updated my question accordingly.

    – jans
    Apr 26 '16 at 18:26











  • Have you enabled Support for legacy BIOS modules? This is another option in UEFI bios, different than secure boot.

    – Zeine77
    Apr 26 '16 at 18:50






  • 1





    @Zeine77 can you verify that your BIOS allows enabling "legacy modules" while Secure Boot remains enabled? This is highly unlikely, as the first option allows untrusted code to run in kernel space, which defeats the purpose of the second.

    – zwets
    May 9 '16 at 8:11












  • @zwets you are right, I just checked my bios settings; and enabling legacy modules caused secure boot to be disabled. I assumed, as explained in the response, that disabling secure boot would cause Windows 10 boot to fail, this isn't the case. When I first installed 15.10 (Months ago) I took care to not disable secure boot as this would damage Win 10 installation. Does this mean that the pre installed Win 10 works fine with secure mode disabled ?

    – Zeine77
    May 10 '16 at 2:22







2




2





Actually I also need UEFI to boot a parallel Windows installation. So disabling it isn't an option for me either. I updated my question accordingly.

– jans
Apr 26 '16 at 18:26





Actually I also need UEFI to boot a parallel Windows installation. So disabling it isn't an option for me either. I updated my question accordingly.

– jans
Apr 26 '16 at 18:26













Have you enabled Support for legacy BIOS modules? This is another option in UEFI bios, different than secure boot.

– Zeine77
Apr 26 '16 at 18:50





Have you enabled Support for legacy BIOS modules? This is another option in UEFI bios, different than secure boot.

– Zeine77
Apr 26 '16 at 18:50




1




1





@Zeine77 can you verify that your BIOS allows enabling "legacy modules" while Secure Boot remains enabled? This is highly unlikely, as the first option allows untrusted code to run in kernel space, which defeats the purpose of the second.

– zwets
May 9 '16 at 8:11






@Zeine77 can you verify that your BIOS allows enabling "legacy modules" while Secure Boot remains enabled? This is highly unlikely, as the first option allows untrusted code to run in kernel space, which defeats the purpose of the second.

– zwets
May 9 '16 at 8:11














@zwets you are right, I just checked my bios settings; and enabling legacy modules caused secure boot to be disabled. I assumed, as explained in the response, that disabling secure boot would cause Windows 10 boot to fail, this isn't the case. When I first installed 15.10 (Months ago) I took care to not disable secure boot as this would damage Win 10 installation. Does this mean that the pre installed Win 10 works fine with secure mode disabled ?

– Zeine77
May 10 '16 at 2:22





@zwets you are right, I just checked my bios settings; and enabling legacy modules caused secure boot to be disabled. I assumed, as explained in the response, that disabling secure boot would cause Windows 10 boot to fail, this isn't the case. When I first installed 15.10 (Months ago) I took care to not disable secure boot as this would damage Win 10 installation. Does this mean that the pre installed Win 10 works fine with secure mode disabled ?

– Zeine77
May 10 '16 at 2:22





protected by Community Jul 24 '16 at 13:17



Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



Would you like to answer one of these unanswered questions instead?



-

Popular posts from this blog

Möglingen Índice Localización Historia Demografía Referencias Enlaces externos Menú de navegación48°53′18″N 9°07′45″E / 48.888333333333, 9.129166666666748°53′18″N 9°07′45″E / 48.888333333333, 9.1291666666667Sitio web oficial Mapa de Möglingen«Gemeinden in Deutschland nach Fläche, Bevölkerung und Postleitzahl am 30.09.2016»Möglingen

Image
Localidades de Baden-Wurtemberg municipioalemándistrito de LuisburgoBaden-WurtembergLuisburgoCasa de WurtembergGuerra de los Treinta AñosGuerra de los Nueve Años Möglingen Municipio Iglesia gótica de San Pancracio. Escudo Möglingen Localización de Möglingen en Alemania Ubicación de Möglingen Coordenadas 48°53′18″N 9°07′45″E  /  48.888333333333, 9.1291666666667 Coordenadas: 48°53′18″N 9°07′45″E  /  48.888333333333, 9.1291666666667 Entidad Municipio  • País   Alemania  • Estado Baden-Wurtemberg  • Distrito Luisburgo Superficie    • Total 9,93 km², 9,95 km² y 9,93 km² Altitud    • Media 297 m s. n. m. Población (2014)    • Total 10 983 hab.  • Densidad Expresión errónea: carácter de puntuación « » desconocido, hab/km² Huso horario UTC+01:00 y UTC+02:00 Código postal 71696 Prefijo telefónico 07141 Matrícula LB Número oficial de comunidad 08118051 Sitio web oficial [editar datos en Wikidata] Möglingen es un municipio alemán perteneciente al distrito de Luisburgo de Baden-Wurtember
Read more

Virtualbox - Configuration error: Querying “UUID” failed (VERR_CFGM_VALUE_NOT_FOUND)“VERR_SUPLIB_WORLD_WRITABLE” error when trying to installing OS in virtualboxVirtual Box Kernel errorFailed to open a seesion for the virtual machineFailed to open a session for the virtual machineUbuntu 14.04 LTS Virtualbox errorcan't use VM VirtualBoxusing virtualboxI can't run Linux-64 Bit on VirtualBoxUnable to insert the virtual optical disk (VBoxguestaddition) in virtual machine for ubuntu server in win 10VirtuaBox in Ubuntu 18.04 Issues with Win10.ISO Installation

Image
Fear of getting stuck on one programming language / technology that is not used in my country Do the primes contain an infinite almost arithmetic progression? Biological Blimps: Propulsion Are Captain Marvel's powers affected by Thanos' actions in Infinity War Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size? Can a College of Swords bard use a Blade Flourish option on an opportunity attack provoked by their own Dissonant Whispers spell? Can disgust be a key component of horror? Can I say "fingers" when referring to toes? What is Cash Advance APR? Why Shazam when there is already Superman? What does "Scientists rise up against statistical significance" mean? (Comment in Nature) What does chmod -u do? What should you do when eye contact makes your subordinate uncomfortable? Issue while creating Apex class using API How much character growth crosses the line into breaking the charac
Read more

Antonio De Lisio Carrera Referencias Menú de navegación«Caracas: evolución relacional multipleja»«Cuando los gobiernos subestiman a las localidades: L a Iniciativa para la Integración de la Infraestructura Regional Suramericana (IIRSA) en la frontera Colombo-Venezolana»«Maestría en Planificación Integral del Ambiente»«La Metrópoli Caraqueña: Expansión Simplificadora o Articulación Diversificante»«La Metrópoli Caraqueña: Expansión Simplificadora o Articulación Diversificante»«Conózcanos»«Caracas: evolución relacional multipleja»«La Metrópoli Caraqueña: Expansión Simplificadora o Articulación Diversificante»

Profesores de VenezuelaNacidos en 1956Geógrafos de Venezuela PlanificaciónEcologíaAmbientedesarrollo sustentableUniversidad Central de VenezuelaUniversidad Central de VenezuelaAsamblea Nacional de VenezuelaUniversidad Central de VenezuelaUniversidad de París VIIUniversidad Central de Venezuela Antonio De Lisio (nacido en 1956), es un geógrafo y profesor universitario italiano/venezolano. Se destaca como investigador en las áreas de Planificación,Ecología, Ambiente y desarrollo sustentable. [ 1 ] ​ Fue director del Centro de Estudios Integrales del Ambiente (CENAMB) de la Universidad Central de Venezuela (1992-2009). [ 2 ] ​ Carrera De Lisio es profesor titular de la Facultad de Arquitectura y Urbanismo y del CENAMB de la Universidad Central de Venezuela. Impartiendo las cátedras de “Teoría de la Arquitectura” en la Escuela Arquitectura Carlos Raúl Villanueva, y a nivel de postgrado “Perspectiva Ambiental del Desarrollo” en la maestría de Planificación Integral del Ambiente. [ 3 ] ​
Read more