Virtualbox kernel driver no loading - secureboot enabled - need to re-sign modules

FWIW, I just had this issue again in a new(ish) 15.4 box.

The same solution I posted here for 15.3 worked:

https://forums.opensuse.org/showthread.php/555343-Virtualbox-kernel-driver-no-loading-secureboot-enabled-how-to-sign-modules?p=3039400#post3039400

In detail:

  1. Use Yast Software manager to remove and immediately reinstall the openSUSE-signkey-cert package.
    Do not reboot beforere installing it. this will reinstall the same certificate - in this case, /etc/uefi/certs/1F673297-kmp.crt

  2. Reboot. A text menu will appear for a short time before the system starts to load, use the keyboard arrows to select Enroll Keys, chose Enroll Keys again (or something very similar, I’m quoting from memory) and enter your root password when asked.

If the system continues to boot before you start to enroll the keys you’ll need to go back to step 1, perhaps disabling secure boot first.

@brunomcl:

Yes, exactly that is the problem –


 > l /etc/uefi/certs/
insgesamt 20
drwxr-xr-x 2 root root 4096 17. Sep 18:33 ./
drwxr-xr-x 3 root root 4096  8. Sep 17:41 ../
-rw-r--r-- 1 root root 1177 14. Jun 11:20 1F673297-kmp.crt
-rw-r--r-- 1 root root 1288  8. Sep 17:41 40905999.crt
-rw-r--r-- 1 root root 1257 16. Jul 2021  BCA4E38E-shim.crt
 > 

And, it’s the “1F673297-kmp.crt” which is causing the problem.

  • But, on this (quite new) machine with graphics as shown below, quite often at reboot, the screen doesn’t respond within the few seconds which MokUtil “blue screen” allows at boot time – no MokUtil “blue screen” visible at reboot – only an empty black screen before the openSUSE splash appears …
  • Therefore, what I’ve found to be fairly reliable is, to Power Off and then, Power On rather than simply reboot – the screen and HDMI interface then have enough time to display the MokUtil “blue screen” …

And, my other problem – my Root password has extended European characters and, I use a German (QWERTZ) keyboard – the MokUtil “blue screen” expects a US keyboard layout (QWERTY) …

  • Therefore, I tend to use MokUtil to manually manage the Keys with another password which uses keys which are mapped identically between QWERTZ and QWERTY …

For me it is the other way around. If I power off the monitor goes on stand-by, and takes 3-4 secs to come up again, giving me little time to see/interact with the mok menu.

thanks for the tip, works now.
i don’t understand why they didn’t fix it…

Hi
It’s W.I.P by the maintainer… See Signing modules with our own key in Leap 15.4 - openSUSE Factory - openSUSE Mailing Lists

Huh? All VirtualBox modules provided by openSUSE are signed.The subject of this thread is totally misleading because OP describes not how to “re-sign modules” but how to enroll existing certificate to allow **existing **signature verification. Modules themselves are not touched by this procedure.

however, that subject probably made me find the solution as the first hit on google :slight_smile: due to virtualbox phrasing it like that

Person got a point. The subject should have been “- need to re-enroll module signatures”. My bad.