Sign virtual box modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) Centos 8 [closed]

Question

I started using Centos 8 recently, and I installed VirtualBox to manage my virtual machines, the problem that I encountered with is that my VirtualBox couldn't boot any VMs and it told me to execute this script /sbin/vboxconfig as root, when I run this script the following message appears :

vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: You must sign these kernel modules before using VirtualBox:
  vboxdrv vboxnetflt vboxnetadp vboxpci
See the documenatation for your Linux distribution..
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.

There were problems setting up VirtualBox.  To re-start the set-up process, run
  /sbin/vboxconfig
as root.  If your system is using EFI Secure Boot you may need to sign the
kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load
them. Please see your Linux system's documentation for more information.

Note that my secure boot is enabled. My question is how to sign these kernel modules in Centos 8 ?

Answer 1

After some research, I found the solution.

Solution 1 : disable secure boot.

Solution 2 :

1- Install mokutil package

sudo dnf update
sudo dnf install mokutil

2- Create RSA key under new folder.

sudo -i
mkdir /root/signed-modules
cd /root/signed-modules
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"
chmod 600 MOK.priv

3- This command will ask you to add a password, you need this password after the next reboot.

sudo mokutil --import MOK.der

4- Reboot your system and a blue screen appear, select Enroll MOK --> Continue --> put the previous password and your system will start.

5- Put the previous cmmands in a script to run it later (after system update)

cd /root/signed-modules
vi sign-virtual-box

Add the following cmd to this script :

#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \
                                /root/signed-modules/MOK.priv \
                                /root/signed-modules/MOK.der "$modfile"
done

Use the below to find signfile if the above fails & edit script accordingly.

find /usr/src -name sign-file

5- Add exec permission and run the script

chmod 700 sign-virtual-box
./sign-virtual-box 

6- Launch VirtualBOx

modprobe vboxdrv

For more info see this link (for ubuntu users) https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail/

Answer 2

I follow the solution given by @Younes LAB but I needed to change the sign-file path in the sign-virtual-box script for it work fine:

#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 \
                                /root/signed-modules/MOK.priv \
                                /root/signed-modules/MOK.der "$modfile"
done

I am using Ubuntu 20.04.2 LTS and VirtualBox 6.1