There’s a nasty issue in VirtualBox where you won’t be able to run virtual machines on Linux distros. The error shows something similar to:

Kernel driver not installed (rc=-1908)

The VirtualBox Linux kernel driver is either not loaded or not set up correctly. Please reinstall virtualbox-dkms package and load the kernel module by executing

'modprobe vboxdrv'

as root.

If your system has EFI Secure Boot enabled you may also need to sign the kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load them. Please see your Linux system's documentation for more information.

where: suplibosinit what: 3
VERR_VM_DRIVER_NOT_INSTALLED (-1908) - The support driver is not installed. On linux, open returned ENOENT.

The error suggests running modprobe vboxdrv as root, but this shows an error similar to the following:

modprobe: ERROR: could not insert 'vboxdrv': Key was rejected by service

The Issue

The issue lies in Secure Boot. Your computer might have secure boot enabled, as is in most modern computers. Secure Boot is a security feature designed to prevent malicious software from loading during the boot process. It works by ensuring that every piece of code, including the operating system and its drivers, is signed with a trusted digital signature. Secure boot requires that any kernel module loaded be signed with a key that your system's Secure Boot trusts.

The Easiest Solution (Not Recommended)

The easiest solution is to go to your computer’s BIOS and disable secure boot. But this is both a security risk and a potential issue. It is important to not mess around with security, so do this option if you want to take the risk.

The Actual Fix

Setup

Before we begin, it is important that we install the latest VirtualBox program. You can find it in the Downloads page of the VirtualBox website. Download the appropriate package for your distribution and install it using:

sudo apt install ./virtualbox-7.2_7.2.0-170228~Ubuntu~oracular_amd64.deb

The package name might be different in your situation, so make sure you modify the command accordingly.

Applying the Fix

The first step is to install the mokutil package. mokutil is a command-line utility for Linux that provides a user-friendly way to manage the Machine Owner Key (MOK) list, which is a crucial component for systems with UEFI Secure Boot enabled. It allows you to import, delete, and list cryptographic keys that are used to sign bootloaders and kernel modules, like the VirtualBox driver. This tool acts as a bridge between the Linux user space and the firmware's Secure Boot key databases, allowing you to add new trusted keys without having to disable Secure Boot entirely.

To install mokutil, use the following command. This is given to align with the apt package manager which is common in most Debian based distributions such as Ubuntu and Cinnamon. Make sure to look into how you can install the same thing, if you do not have a Debian based system.

sudo apt-get update
sudo apt-get install mokutil

Follow the usual way that you install a package on Linux and you should be good.

Next, we will create an RSA key. To do this, first let’s switch to the root user using the following command.

sudo su

Once you have root user access, we will create a new folder to handle key signing related work and move into it.

mkdir /root/signed-modules
cd /root/signed-modules

Now we’re ready to create the RSA key. Use the following command to create the RSA key.

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox/"
chmod 600 MOK.priv

Next, we will install this key to the kernel using the following command. This will ask for a password. Make sure to remember the password you provided, as this comes in handy later.

mokutil --import MOK.der

Now reboot your computer and on reboot, you will see a blue screen which ask for the certificate. Move through this menu as Enroll MOK > Continue > <previous password>. The computer will now turn on as expected.

Once rebooted, we will log back in as the root to do the signing.

sudo su

Enter the following command to find where the file signing command is.

find /usr/src -name sign-file

Now we will move into our working folder and create a new script to automate our signing.

cd /root/signed-modules
nano sign-virtual-box

In the file, paste the following script.

#!/bin/bash

for modfile in $(dirname $(modinfo -n vboxdrv))/*.ko; do
  echo "Signing $modfile"
  /usr/src/linux-headers-6.14.0-28-generic/scripts/sign-file sha254 \
                                /root/signed-modules/MOK.priv \
                                /root/signed-modules/MOK.der "$modfile"
done

Here, the path /usr/src/linux-headers-6.14.0-28-generic/scripts/sign-file should match the output you got before with find /usr/src -name sign-file.

Now run the script after modifying the execution privileges.

chmod 700 sign-virtual-box
./sign-virtual-box

This should allow you to now run any virtual machines without any issues.

An Additional Issue

However, I also did run into another issue where I had to run the following command after every reboot to get the virtual machines to run, other than the above fix. This might or might not be the case.

sudo modprobe -r kvm_intel

This is used to unload the kvm_intel kernel module, which is a driver that allows the KVM (Kernel-based Virtual Machine) hypervisor to leverage the virtualization extensions found in Intel CPUs. The modprobe -r part of the command specifically tells the system to remove (or unload) the specified module.

Reference

• https://stackoverflow.com/questions/61248315/sign-virtual-box-modules-vboxdrv-vboxnetflt-vboxnetadp-vboxpci-centos-8

• https://askubuntu.com/questions/1537180/modprobe-vboxdrv-could-not-insert-vboxdrv-key-was-rejected-by-service