VirtualBox is a widely used virtualization tool that allows users to run multiple operating systems on their machine. However, installing VirtualBox on Ubuntu 18.04 with UEFI Secure Boot enabled can be a bit tricky. This article will guide you through the process step by step.
To install VirtualBox with UEFI Secure Boot enabled on Ubuntu 18.04, you have three options: disable UEFI Secure Boot (less secure), sign VirtualBox modules with your own key (more technical), or use a different virtualization software compatible with Secure Boot. Each option has its own implications and considerations, so choose the one that best suits your needs and level of technical expertise.
What is UEFI Secure Boot?
UEFI Secure Boot is a security standard developed by PC manufacturers to help protect the computer from malware. It restricts the system to boot only using a firmware that is signed into the system’s firmware. This means that all the software and drivers that run during the boot process need to be signed and verified.
Why is it a problem with VirtualBox?
VirtualBox, by default, is not signed and hence, when you try to install it on a system with UEFI Secure Boot enabled, it might fail or cause issues.
Overcoming the problem
There are three main ways to overcome this problem:
- Disable UEFI Secure Boot: This is the easiest solution but it compromises the security of your system.
- Sign VirtualBox modules: This is a more secure solution but it requires technical knowledge.
- Use different virtualization software: If you don’t want to disable Secure Boot or sign the VirtualBox modules, you can use a different virtualization software that is compatible with Secure Boot.
Disabling UEFI Secure Boot
To disable UEFI Secure Boot, you need to access your system’s BIOS settings. The method to access BIOS settings varies depending on the manufacturer of your system. Once in the BIOS settings, look for the Secure Boot option and disable it. Save the changes and exit.
NOTE: Disabling Secure Boot can expose your system to potential threats, as it allows unsigned software to run during the boot process.
Signing VirtualBox Modules
If you prefer not to disable Secure Boot, you can sign the VirtualBox modules. This involves generating a key pair, enrolling the key in your system’s firmware, and signing the VirtualBox modules.
Generating a key pair
To generate a key pair, use the openssl command as follows:
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Descriptive common name/"This command generates a new RSA key pair (MOK.priv and MOK.der). The “-days 36500” option sets the key to expire in 100 years, and the “-subj” option sets a descriptive common name for the key.
Enrolling the key
To enroll the key in your system’s firmware, use the mokutil command as follows:
sudo mokutil --import MOK.derThis command imports the key into the Machine Owner Key (MOK) database, which is a list of keys that are trusted by the system.
Signing the VirtualBox modules
To sign the VirtualBox modules, use the following commands:
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxnetflt)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxnetadp)These commands sign the VirtualBox kernel modules (vboxdrv, vboxnetflt, and vboxnetadp) with your key.
Using Different Virtualization Software
If you prefer not to disable Secure Boot or sign the VirtualBox modules, you can use a different virtualization software that is compatible with Secure Boot, such as GNOME Boxes, which is available in the Ubuntu Software Center.
In conclusion, installing VirtualBox on Ubuntu 18.04 with UEFI Secure Boot enabled requires either disabling Secure Boot, signing the VirtualBox modules with your own key, or using a different virtualization software. Each method has its own implications and considerations, so choose the one that best suits your needs and level of technical expertise.
Yes, you can install VirtualBox on Ubuntu 18.04 with UEFI Secure Boot enabled, but it requires additional steps to overcome compatibility issues.
UEFI Secure Boot is a security standard developed by PC manufacturers to help protect the computer from malware. It ensures that the system only boots using firmware that is signed and verified.
VirtualBox, by default, is not signed, which makes it incompatible with UEFI Secure Boot. Secure Boot requires all software and drivers used during the boot process to be signed and verified.
There are three main options to overcome the compatibility issue: disabling UEFI Secure Boot, signing VirtualBox modules with your own key, or using a different virtualization software that is compatible with Secure Boot.
Disabling UEFI Secure Boot is the easiest solution, but it compromises the security of your system. It allows unsigned software to run during the boot process, which can expose your system to potential threats.
To sign VirtualBox modules, you need to generate a key pair, enroll the key in your system’s firmware, and then sign the VirtualBox modules using the generated key. The article provides detailed steps on how to do this.
Yes, if you prefer not to disable Secure Boot or sign the VirtualBox modules, you can use a different virtualization software that is compatible with Secure Boot, such as GNOME Boxes, which is available in the Ubuntu Software Center.
Disabling Secure Boot compromises the security of your system, signing VirtualBox modules requires technical knowledge, and using a different virtualization software may have different features and limitations compared to VirtualBox. Consider your needs and level of technical expertise before choosing a method.
