vboxdr.sh contains a lot of changes concerning signing kernel modules:
Until 6.1.38 I had only to place my MOK.der and MOK.priv files in /var/lib/shim-signed/mok/ (following DEB_PUB_KEY and DEB_PRIV_KEY) and replace or symlink KMODSIGN in Line 596 (Version 6.1.38) by '/usr/src/linux-headers-$(uname -r)/scripts/sign-file'. KMODSIGN does not exist in Debian 11.
Now I am stuck, because in Line 330 (Version 7.0.3) a function 'kernel_module_sig_hash()' calls '/lib/modules/"$KERN_VER"/build/scripts/config', which does not exist in Debian 11 (Bullseye), and I do not see a replacement. Although I have signed the modules by myself, I cannot start VirtualBox, because it assumes that the modules are not signed.
Until 6.1.38 I could sign the modules by myself, and start VirtualBox after boot. The above changes in vboxdrv.sh were not necessary, but then I could make changes via CLI.
==> Any hints?
The main reason is that I want to set TPM=... for Windows 10 Guests. In the moment this seems to not be possible in the GUI. And calling 'VBoxManage modifyvm' apparently tries to sign the kernel modules again and therefore prevents starting VirtualBox.
My approach would be to take out the signing of modules etc. of vboxdrv.sh and create in a first step different signing scripts for each flavor of operating system, which can be called by vboxdrv.sh.
Sign Kernel Modules (Host Debian 11, Bullseye)
Re: Sign Kernel Modules (Host Debian 11, Bullseye)
Hi mhaelsig,
Thank you for the feedback. The issue, you are referring to, should be fixed in VirtualBox 7.0.0 which was just released. It is currently available on https://www.virtualbox.org/wiki/Downloads.
Both host part and Guest Additions should now work with Debian distribution.
Thank you for the feedback. The issue, you are referring to, should be fixed in VirtualBox 7.0.0 which was just released. It is currently available on https://www.virtualbox.org/wiki/Downloads.
Both host part and Guest Additions should now work with Debian distribution.