问题描述

我在我的 Ubuntu 笔记本电脑上运行 VirtualBox 时遇到问题。我的笔记本电脑是双启动的，并且正在运行(Windows 10——我想，已经很多年没用过了)，还有 Ubuntu 16.0.4 LTS。

我在笔记本电脑的 BIOS 设置中启用了安全启动。

我知道这里也有类似的问题，特别是这两个：

• Failed installation of Virtualbox 5.1 on Ubuntu 16.04

• VirtualBox Installation gives message \u201cmodprobe vboxdrv\u201d failed

我已按照这两个问题的答案部分中给出的所有说明进行操作 – 但问题仍未解决。

这是控制台输出，当我尝试运行 virtualbox 时：

me@YOURBOX:~$ virtualbox
WARNING: The vboxdrv kernel module is not loaded. Either there is no module
         available for the current kernel (4.4.0-47-generic) or it failed to
         load. Please recompile the kernel module and install it by

           sudo /sbin/vboxconfig

         You will not be able to start VMs until this problem is fixed.

这是我按照建议运行 /sbin/vboxconfig 时的控制台输出：

me@YOURBOX:~$ sudo /sbin/vboxconfig  
vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.

There were problems setting up VirtualBox.  To re-start the set-up process, run
  /sbin/vboxconfig
as root.

这是 dmesg 输出的尾端：

[   44.319682] audit: type=1400 audit(1491313982.374:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince-previewer" pid=705 comm="apparmor_parser"
[   45.041433] cgroup: new mount options do not match the existing superblock, will be ignored
[   59.682936] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
[   59.697820] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
[   59.702008] IPv6: ADDRCONF(NETDEV_UP): enp2s0f0: link is not ready
[   60.267000] IPv6: ADDRCONF(NETDEV_UP): enp2s0f0: link is not ready
[   62.473044] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
[   70.681706] audit_printk_skb: 60 callbacks suppressed
[   70.681709] audit: type=1400 audit(1491314008.734:32): apparmor="STATUS" operation="profile_load" profile="unconfined" name="docker-default" pid=2009 comm="apparmor_parser"
[   70.850936] aufs 4.x-rcN-20160111
[   75.407218] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[   75.408555] Bridge firewalling registered
[   75.427172] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[   75.848416] ip_tables: (C) 2000-2006 Netfilter Core Team
[   76.703232] Initializing XFRM netlink socket
[   77.060003] IPv6: ADDRCONF(NETDEV_UP): docker0: link is not ready
[   80.101042] aufs au_opts_verify:1597:dockerd[1402]: dirperm1 breaks the protection by the permission bits on the lower branch
[  113.895236] wlp3s0: authenticate with 84:16:f9:77:e1:54
[  113.910483] wlp3s0: send auth to 84:16:f9:77:e1:54 (try 1/3)
[  113.912712] wlp3s0: authenticated
[  113.915101] wlp3s0: associate with 84:16:f9:77:e1:54 (try 1/3)
[  113.919397] wlp3s0: RX AssocResp from 84:16:f9:77:e1:54 (capab=0x1411 status=0 aid=1)
[  113.919516] wlp3s0: associated
[  113.919559] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready

现在，我不想撒谎 – 我完全不知道 dmesg 刚刚喷出什么 – 据我所知，日志输出中没有错误消息 – 这使得情况更加令人恼火。

有没有人在运行 Ubuntu 16.0.4 LTS 的笔记本电脑上安装过 VirtualBox 5.x – 但在 BIOS 上启用了安全启动？ – 如果是，解决方案是什么。 ？？？！

很多人都有这个问题——甚至几年前也是如此。很奇怪，似乎没有人有解决方案 – ???

最佳思路

\\n

VirtualBox + Secure Boot + Ubuntu = fail

\\n

The problem is the requirement that all kernel modules must be signed\\n by a key trusted by the UEFI system, otherwise loading will fail.\\n Ubuntu does not sign the third party vbox* kernel modules, but rather\\n gives the user the option to disable Secure Boot upon installation of\\n the virtualbox package. I could do that, but then I would see an\\n annoying \\u201cBooting in insecure mode\\u201d message every time the machine\\n starts, and also the dual boot Windows 10 installation I have would\\n not function.

\\n

Ubuntu 16.04 on a Dell Latitude E7440 with BIOS A18, and with a dual boot Windows 10 installation.

\\n

Credit goes to the primary source of information I used to resolve\\n this problem, which applies specifically to Fedora/Redhat:\\n http://gorka.eguileor.com/vbox-vmware-in-secureboot-linux-2016-update/

\\n

And a relevant Ask Ubuntu question:\\n Could not load ‘vboxdrv’ after upgrade to Ubuntu 16.04 (and I want to keep secure boot)

\\n

Steps to make it work, specifically for Ubuntu/Debian

\\n

\\n

1. Install the virtualbox package. If the installation detects that Secure Boot is enabled, you will be presented with the issue at hand\\n and given the option to disable Secure Boot. Choose \\u201cNo\\u201d.

\\n

2. Create a personal public/private RSA key pair which will be used to sign kernel modules. I chose to use the root account and the directory\\n /root/module-signing/ to store all things related to signing kernel\\n modules.

   \\n

   $ sudo -i\\n# mkdir /root/module-signing\\n# cd /root/module-signing\\n# openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=YOUR_NAME/"\\n[...]\\n# chmod 600 MOK.priv\\n

\\n

3. Use the MOK (\\u201cMachine Owner Key\\u201d) utility to import the public key so that it can be trusted by the system. This is a two step process\\n where the key is first imported, and then later must be enrolled when\\n the machine is booted the next time. A simple password is good enough,\\n as it is only for temporary use.

   \\n

   # mokutil --import /root/module-signing/MOK.der\\ninput password:\\ninput password again:\\n

\\n

4. Reboot the machine. When the bootloader starts, the MOK manager EFI utility should automatically start. It will ask for parts of the\\n password supplied in step 3. Choose to \\u201cEnroll MOK\\u201d, then you should\\n see the key imported in step 3. Complete the enrollment steps, then\\n continue with the boot. The Linux kernel will log the keys that are\\n loaded, and you should be able to see your own key with the command:\\n dmesg|grep 'EFI: Loaded cert'

\\n

5. Using a signing utility shippped with the kernel build files, sign all the VirtualBox modules using the private MOK key generated in step 2.\\n I put this in a small script /root/module-signing/sign-vbox-modules, so it can be easily run when new kernels are installed as part of regular updates:

   \\n

   #!/bin/bash\\n\\nfor modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do\\n  echo "Signing $modfile"\\n  /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 \\\\\\n                                /root/module-signing/MOK.priv \\\\\\n                                /root/module-signing/MOK.der "$modfile"\\ndone\\n

   \\n

   And then:

   \\n

   # chmod 700 /root/module-signing/sign-vbox-modules\\n

\\n

6. Run the script from step 5 as root. You will need to run the signing script every time a new kernel update is installed, since this\\n will cause a rebuild of the third party VirtualBox modules. Use the\\n script only after the new kernel has been booted, since it relies on\\n modinfo -n and uname -r to tell which kernel version to sign for.

\\n

7. Load vboxdrv module and fire up VirtualBox:

   \\n

   # modprobe vboxdrv\\n

\\n

\\n

The procedure can also be used to sign other third party kernel\\n modules, like the nvidia graphics drivers, if so is required. (I have\\n not tested that myself.)

\\n

注意：以上答案完全来自 \xd8yvind Stegard 的博文 VirtualBox + Secure Boot + Ubuntu = fail。

次佳思路

上面的答案可能工作正常，但如果你想要更轻松的时间：

我能够解决它

启动进入 BIOS 并进入 >高级 (f7) >启动 >向下滚动到 “secure boot” >将“Windows EUFI 模式”更改为 “other OS”

我的 virtualbox 现在可以正常工作了。

参考资料

• vboxdrv.sh: failed: modprobe vboxdrv failed. Please use ‘dmesg’ to find out why