GRUB2 UEFI SecureBoot vulnerabilities - 2021
https://www.debian.org/security/2021-GR ... ecureBoot/
I have been able to sign the vbox modules, after each kernel update since installation (Debian 10.5). I use the keys originally generated at:
/root/MOK.priv
/root/MOK.der
After a kernel upgrade, the following one-liner would fix vbox modules, no problem:
(Updating to latest kernel)
Code: Select all
cd /usr/lib/modules/4.19.0-17-amd64/misc/ && /usr/lib/linux-kbuild-4.19/scripts/sign-file sha256 /root/MOK.priv /root/MOK.der vboxnetadp.ko && /usr/lib/linux-kbuild-4.19/scripts/sign-file sha256 /root/MOK.priv /root/MOK.der vboxnetflt.ko && /usr/lib/linux-kbuild-4.19/scripts/sign-file sha256 /root/MOK.priv /root/MOK.der vboxdrv.ko
But since the Debian 10.10 update, after re-signing modules and rebooting, I now get the following error dialog popup when attempting to launch a Virtualbox VM:
VirtualBox - Error in suplibOsInit
Kernel driver not installed (rc=-1908)
The VirtualBox Linux kernel driver is either not loaded or not set up correctly. Please try setting it up again by executing
'/sbin/vboxconfig'
as root.
If your system has EFI Secure Boot enabled you may also need to sign the kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load them. Please see your Linux system's documentation for more information.
where: suplibOsInit what: 3 VERR_VM_DRIVER_NOT_INSTALLED (-1908) - The support driver is not installed. On linux, open returned ENOENT.
I also tried Qemu/KVM using libvirt and virt-manager, after converting VM's to .qcow2 format, but had way too many issues to even boot the VMs.
I have some Windows VMs that I need to use, and they used to work great in Virtualbox, so would like to get them working again if possible.
What is preventing vbox modules now working with secure boot?
Any ideas, approaches, to help resolve?