With Debian testing and SecureBoot enabled:
I need to sign VirtualBox modules, as the output of the vboxconfig command says:
vboxdrv.sh: Stopping VirtualBox services.vboxdrv.sh: Starting VirtualBox services.vboxdrv.sh: You must sign these kernel modules before using VirtualBox: vboxdrv vboxnetflt vboxnetadpSee the documenatation for your Linux distribution..vboxdrv.sh: Building VirtualBox kernel modules.vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.There were problems setting up VirtualBox. To re-start the set-up process, run /sbin/vboxconfigas root. If your system is using EFI Secure Boot you may need to sign thekernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can loadthem. Please see your Linux system's documentation for more information.Following the Debian Wiki about SecureBoot I did:
# openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -days 36500 -subj "/CN=My Name/" -nodes# mokutil --import MOK.der // prompts for one-time password# mokutil --list-new // recheck your key will be prompted on next boot<rebooting machine then enters MOK manager EFI utility: enroll MOK, continue, confirm, enter password, reboot># dmesg | grep cert // verify your key is loadedand signed the modules:
# /usr/src/linux-headers-5.7.0-1-amd64/scripts/sign-file sha256 /root/MOK.priv /root/MOK.der /lib/modules/5.7.0-1-amd64/misc/vboxdrv.ko# /usr/src/linux-headers-5.7.0-1-amd64/scripts/sign-file sha256 /root/MOK.priv /root/MOK.der /lib/modules/5.7.0-1-amd64/misc/vboxnetflt.ko# /usr/src/linux-headers-5.7.0-1-amd64/scripts/sign-file sha256 /root/MOK.priv /root/MOK.der /lib/modules/5.7.0-1-amd64/misc/vboxnetadp.koNote: I didn't signed the module vboxpci becuse with sudo modinfo -n vboxpci it can't be finded:
modinfo: ERROR: Module vboxpci not found.After that if I try to execute again vboxconfig (as root too) I have the same result, as it can't be loads modules:
vboxdrv.sh: Stopping VirtualBox services.vboxdrv.sh: Starting VirtualBox services.vboxdrv.sh: You must sign these kernel modules before using VirtualBox: vboxdrv vboxnetflt vboxnetadpSee the documenatation for your Linux distribution..vboxdrv.sh: Building VirtualBox kernel modules.vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.There were problems setting up VirtualBox. To re-start the set-up process, run /sbin/vboxconfigas root. If your system is using EFI Secure Boot you may need to sign thekernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can loadthem. Please see your Linux system's documentation for more information.NOTE: If I try to load module myself with sudo modprobe vboxdrv I have an error too that says:
modprobe: ERROR: could not insert 'vboxdrv': Operation not permittedAnd dmesg command says that the modules aren't signed:
[ 35.668028] Lockdown: modprobe: unsigned module loading is restricted; see https://wiki.debian.org/SecureBoot[ 59.965757] Lockdown: modprobe: unsigned module loading is restricted; see https://wiki.debian.org/SecureBoot[ 247.249605] Lockdown: modprobe: unsigned module loading is restricted; see https://wiki.debian.org/SecureBootHow can I do??? Without disable SecureBoot?