True reason why VirtualBox machine does not start after a linux kernel update

16.04 kernel virtualbox

6,570

I found a solution.

Although my question is not answered and I don't exactly understand WHY this problem happens, I want to share a simple summarization of the solution with you. I accepted that the Linux kernel simply doesn't provide support to Virtualbox after an update. They know the reason.

Anyway, the problem happens after almost every kernel update or package upgrade. If you try

$ sudo modprobe vboxdrv, you get modprobe: ERROR: could not insert 'vboxdrv': Required key not available.

The solution is to manually sign the key EVERY time this happens, because the signing is KERNEL-DEPENDENT. It is related to Ubuntu 16.04 WITHOUT disabling Secure Boot.

Steps:

Check if installed headers ($ dpkg -l | grep linux-headers) match the running kernel

($ uname -r).
You can always use this command to see a list of enrolled/signed keys:

$ sudo keyctl list %:.system_keyring.
If you already signed a key for Virtualbox (with the old kernel), you need to remove it. There is a way to remove a single key, but I remove them all in once (all keys that I enrolled):

$ sudo mokutil --reset. Choose a password and restart the computer.
You will be asked automatically by Ubuntu on booting. Choose "Reset MOK" and use the chosen password.
If you haven’t created X.509 key yet, create folder for the key and navigate to it.
Create the key with: $ openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Akrog/". Instead of “MOK” and “Akrog” choose names (e.g. “vbX509Key” and “vbKey”).
Enroll the key with: $ sudo /usr/src/linux-headers-XXX-generic/scripts/sign-file sha256 ./MOK.priv ./MOK.der /lib/modules/XXX-generic/updates/dkms/vboxdrv.ko. Instead of “MOK” use the specified name and correct kernel version instead of "XXX".
Import the key with $ sudo mokutil --import MOK.der. Again, use the specified name instead of “MOK”. Choose a password and restart the computer.
You will be asked automatically by Ubuntu on booting. Choose "Enroll MOK" and use the chosen password.

Now you can normally start and use the Virtualbox.

6,570

Dusan

Updated on September 18, 2022

Comments

Dusan over 1 year
I know there are many open discussions relating this issue, but none of them addresses a unique reason about the bug.

It's about Ubuntu 16.04, in my case. I install VirtualBox from Ubuntu repository, with sudo apt install virtualbox-qt

I had kernel 4.4.0-34-generic installed. After I installed VirtualBox, everything worked fine.

But after I updated the system (through Software Updater) and upgraded with sudo apt upgrade, sudo apt dist-upgrade and auto-remove, my virtual machine can't start. Kernel 4.4.0-36-generic is now installed. It says something like:
```
please install virtualbox-dkms and check if appropriate linux-headers are installed
```
virtualbox-dkms is already installed, so nothing happens after sudo apt install virtualbox-dkms

But what about headers?
```
$ dpkg -l | grep linux-headers  
ii  linux-headers-4.4.0-34  4.4.0-34.53  all  Header files related to Linux kernel version 4.4.0  
ii  linux-headers-4.4.0-34-generic  4.4.0-34.53  amd64  Linux kernel headers for version 4.4.0 on 64 bit x86 SMP  
ii  linux-headers-4.4.0-36  4.4.0-36.55  all  Header files related to Linux kernel version 4.4.0  
ii  linux-headers-4.4.0-36-generic  4.4.0-36.55  amd64  Linux kernel headers for version 4.4.0 on 64 bit x86 SMP  
ii  linux-headers-generic  4.4.0.36.38  amd64  Generic Linux kernel headers  

$ uname -r  
4.4.0-36-generic
```
And what is the real reason why this happens after every kernel update? I want to know exactly what to do and not always to spend days fixing it.
- Pilot6 over 7 years
  
  Disable Secure Boot in BIOS.
- Dusan over 7 years
  
  But what if I want to keep it enabled?
- Pilot6 over 7 years
  
  Then Virtual Box won't work. ;-) An alternative is to sign the module manually, but is not quite easy.
- Zalgo over 7 years
  
  if your BIOS has a virtualization option, enable it, if not, disable secure boot
- Melebius over 7 years
  
  Missing kernel headers might really be the real reason since VirtualBox needs to compile its kernel module. Check if installed headers (dpkg -l | grep linux-headers) match the running kernel (uname -r). Please update your question with the results.
- fkraiem about 7 years
  
  Note: "please install virtualbox-dkms and check if appropriate linux-headers are installed" is a boilerplate error message that VBox gives whenever the kernel module fails to load, regardless of whether those packages are installed. (Yes, this is definitely a bug in VBox.)
Pilot6 about 7 years

A much easier way is to disable Secure Boot. You have to do it manually with each DKMS package. Secure Boot is not worth the effort.