True reason why VirtualBox machine does not start after a linux kernel update
I found a solution.
Although my question is not answered and I don't exactly understand WHY this problem happens, I want to share a simple summarization of the solution with you. I accepted that the Linux kernel simply doesn't provide support to Virtualbox after an update. They know the reason.
Anyway, the problem happens after almost every kernel update or package upgrade. If you try
$ sudo modprobe vboxdrv
, you get modprobe: ERROR: could not insert 'vboxdrv': Required key not available
.
The solution is to manually sign the key EVERY time this happens, because the signing is KERNEL-DEPENDENT. It is related to Ubuntu 16.04 WITHOUT disabling Secure Boot.
Steps:
Check if installed headers (
$ dpkg -l | grep linux-headers
) match the running kernel(
$ uname -r
).You can always use this command to see a list of enrolled/signed keys:
$ sudo keyctl list %:.system_keyring
.If you already signed a key for Virtualbox (with the old kernel), you need to remove it. There is a way to remove a single key, but I remove them all in once (all keys that I enrolled):
$ sudo mokutil --reset
. Choose a password and restart the computer.- You will be asked automatically by Ubuntu on booting. Choose "Reset MOK" and use the chosen password.
- If you haven’t created X.509 key yet, create folder for the key and navigate to it.
- Create the key with:
$ openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Akrog/"
. Instead of “MOK” and “Akrog” choose names (e.g. “vbX509Key” and “vbKey”). - Enroll the key with:
$ sudo /usr/src/linux-headers-XXX-generic/scripts/sign-file sha256 ./MOK.priv ./MOK.der /lib/modules/XXX-generic/updates/dkms/vboxdrv.ko
. Instead of “MOK” use the specified name and correct kernel version instead of "XXX". - Import the key with
$ sudo mokutil --import MOK.der
. Again, use the specified name instead of “MOK”. Choose a password and restart the computer. - You will be asked automatically by Ubuntu on booting. Choose "Enroll MOK" and use the chosen password.
Now you can normally start and use the Virtualbox.
Related videos on Youtube
Dusan
Updated on September 18, 2022Comments
-
Dusan over 1 year
I know there are many open discussions relating this issue, but none of them addresses a unique reason about the bug.
It's about Ubuntu 16.04, in my case. I install VirtualBox from Ubuntu repository, with
sudo apt install virtualbox-qt
I had kernel 4.4.0-34-generic installed. After I installed VirtualBox, everything worked fine.
But after I updated the system (through Software Updater) and upgraded with
sudo apt upgrade
,sudo apt dist-upgrade
andauto-remove
, my virtual machine can't start. Kernel 4.4.0-36-generic is now installed. It says something like:please install virtualbox-dkms and check if appropriate linux-headers are installed
virtualbox-dkms
is already installed, so nothing happens aftersudo apt install virtualbox-dkms
But what about headers?
$ dpkg -l | grep linux-headers ii linux-headers-4.4.0-34 4.4.0-34.53 all Header files related to Linux kernel version 4.4.0 ii linux-headers-4.4.0-34-generic 4.4.0-34.53 amd64 Linux kernel headers for version 4.4.0 on 64 bit x86 SMP ii linux-headers-4.4.0-36 4.4.0-36.55 all Header files related to Linux kernel version 4.4.0 ii linux-headers-4.4.0-36-generic 4.4.0-36.55 amd64 Linux kernel headers for version 4.4.0 on 64 bit x86 SMP ii linux-headers-generic 4.4.0.36.38 amd64 Generic Linux kernel headers $ uname -r 4.4.0-36-generic
And what is the real reason why this happens after every kernel update? I want to know exactly what to do and not always to spend days fixing it.
-
Pilot6 over 7 yearsDisable Secure Boot in BIOS.
-
Dusan over 7 yearsBut what if I want to keep it enabled?
-
Pilot6 over 7 yearsThen Virtual Box won't work. ;-) An alternative is to sign the module manually, but is not quite easy.
-
Zalgo over 7 yearsif your BIOS has a virtualization option, enable it, if not, disable secure boot
-
Melebius over 7 yearsMissing kernel headers might really be the real reason since VirtualBox needs to compile its kernel module. Check if installed headers (
dpkg -l | grep linux-headers
) match the running kernel (uname -r
). Please update your question with the results. -
fkraiem about 7 yearsNote: "please install virtualbox-dkms and check if appropriate linux-headers are installed" is a boilerplate error message that VBox gives whenever the kernel module fails to load, regardless of whether those packages are installed. (Yes, this is definitely a bug in VBox.)
-
-
Pilot6 about 7 yearsA much easier way is to disable Secure Boot. You have to do it manually with each DKMS package. Secure Boot is not worth the effort.