🖥️ Complete Guide: VirtualBox with Secure Boot on Ubuntu

🚨 Initial Problem

When trying to use VirtualBox with Secure Boot enabled, the following error appears:

Kernel driver not installed (rc=-1908)
The VirtualBox Linux kernel driver is either not loaded or not set up correctly.

This occurs because Secure Boot requires all kernel modules to be signed with a trusted key, and Ubuntu doesn't automatically sign VirtualBox modules.

📋 Prerequisites

• ✅ Ubuntu with Secure Boot enabled
• ✅ VirtualBox installed
• ✅ Root/sudo access
• ✅ Internet connection

🔧 Complete Solution

🔍 Step 1: Verify the current kernel

uname -r

Write down the kernel version, you'll need it later.

🔍 Step 2: Check module status

lsmod | grep vbox

If it shows nothing, the modules are not loaded (expected behavior).

📦 Step 3: Install necessary dependencies

sudo apt install --reinstall linux-headers-$(uname -r) virtualbox-dkms dkms build-essential

Wait for the installation to complete.

⚠️ Step 4: Confirm the Secure Boot problem

sudo modprobe vboxdrv

Expected result:

modprobe: ERROR: could not insert 'vboxdrv': Key was rejected by service

This error confirms that Secure Boot is blocking unsigned modules.

🗑️ Step 5: Remove current VirtualBox modules

sudo dkms remove virtualbox/7.0.16 --all

Note: Adjust the version (7.0.16) according to your installation. You can verify it with dpkg -l | grep virtualbox.

🔐 Step 6: Install the module signing script

The sign-vbox.sh script and installation helper are available in the scripts/ directory of this repository.

Option A: 🤖 Automated Installation (Recommended)

cd scripts/
sudo ./install-signing-script.sh

This will automatically:

• 📁 Create the /root/module-signing directory
• ⚙️ Install and configure the signing script
• 🔧 Configure DKMS to use it

Option B: 🔧 Manual Installation

sudo mkdir -p /root/module-signing
sudo cp scripts/sign-vbox.sh /root/module-signing/
sudo chmod +x /root/module-signing/sign-vbox.sh
echo 'SIGN_TOOL="/root/module-signing/sign-vbox.sh"' | sudo tee /etc/dkms/virtualbox.conf

The sign-vbox.sh script automatically handles:

• 📦 Decompression of zstd-compressed modules
• ✍️ Signing with SHA256 and MOK keys
• 🔄 Recompression for compatibility

🔨 Step 7: Recompile VirtualBox modules

sudo dkms install virtualbox/7.0.16

Expected output:

Sign command: /usr/bin/kmodsign
Signing key: /var/lib/shim-signed/mok/MOK.priv
Public certificate (MOK): /var/lib/shim-signed/mok/MOK.der
Building module:
[...]
Signing module /var/lib/dkms/virtualbox/7.0.16/build/vboxdrv/vboxdrv.ko
Signing module /var/lib/dkms/virtualbox/7.0.16/build/vboxnetadp/vboxnetadp.ko
Signing module /var/lib/dkms/virtualbox/7.0.16/build/vboxnetflt/vboxnetflt.ko
[...]

Important note: Ubuntu automatically uses MOK keys stored in /var/lib/shim-signed/mok/. These keys are automatically generated during Ubuntu installation.

🔍 Step 8: Check if Ubuntu's MOK key is enrolled

sudo mokutil --test-key /var/lib/shim-signed/mok/MOK.der

If the result is "is not enrolled", continue with the next step.

🔑 Step 9: Import the MOK key into UEFI firmware

sudo mokutil --import /var/lib/shim-signed/mok/MOK.der

It will ask you to enter a password twice. This is a temporary password that you'll only use once on the next reboot. Choose something simple and easy to remember (for example: "1234" or "password").

Expected output:

input password:
input password again:

🔄 Reboot your system

After entering the password, you need to reboot your system to apply changes. Upon reboot, you will be prompted with a MOK management screen where you will need to enter the password you just set up to enroll the MOK key.

🔄 Step 10: Verify VirtualBox functionality

virtualbox

Launch VirtualBox to see if the error is resolved. You should now be able to use VirtualBox without any issues related to kernel drivers.

🏆 Best Practices

• Always keep your system and VirtualBox updated to the latest versions.
• Consider disabling Secure Boot if you don’t need it for your use case, as this will simplify module loading.
• Regularly back up your MOK keys to avoid losing access.
• Monitor kernel updates that could affect VirtualBox functionality and perform the necessary recompilation of modules.

🔍 Troubleshooting

If you encounter issues during the process, consider the following:

• Ensure your kernel headers are correctly installed and match your running kernel.
• Double-check the signing script path and permissions.
• Refer to dmesg logs for detailed error messages related to module loading.
• If you still face issues, consult community forums or documentation specific to your Ubuntu version.

🔚 Conclusion

By following this comprehensive guide, you can resolve the "Kernel driver not installed (rc=-1908)" error in VirtualBox on Ubuntu while maintaining Secure Boot. It's crucial to keep your system and dependencies updated and to understand the implications of Secure Boot in your virtualization environment.

If you need further assistance, consider seeking professional help or consulting with community forums.

🔗 Need Help? Consult Now!

Konsultasi Jasa Setup Sekarang