VirtualBox Kernel Driver Error on Fedora with Secure Boot

ByEric Ma Posted on Updated on

VirtualBox on Fedora reports “The vboxdrv kernel module is not loaded” when you try to launch it, even though the virtualbox and kernel module packages are installed. This typically happens on systems with UEFI Secure Boot enabled, which requires kernel modules to be cryptographically signed.

Check if the module is loaded

First, verify whether the vboxdrv module is actually loaded:

lsmod | grep vboxdrv

If nothing is returned, try loading it manually:

sudo modprobe vboxdrv

If you see an error like this:

modprobe: ERROR: could not insert 'vboxdrv': Required key not available

This confirms the problem: Secure Boot is preventing the unsigned kernel module from loading.

Install VirtualBox

If you haven’t already, install VirtualBox on Fedora:

sudo dnf install VirtualBox

The dnf package manager is the modern standard on current Fedora versions.

Sign the kernel module for Secure Boot

To fix this, you need to create a Module Signing Key (MOK), sign the vboxdrv module with it, and import the key into the system firmware.

Step 1: Install kernel development headers

sudo dnf install kernel-devel

Step 2: Generate a signing key

Create an X.509 certificate and private key (valid for 100 years):

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VirtualBox MOK/"

Keep these files in a safe location—you’ll need the private key every time you upgrade VirtualBox.

Step 3: Sign the vboxdrv module

sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)

Step 4: Import the key into firmware

sudo mokutil --import MOK.der

This command will prompt you to set a password. Remember this password—you’ll need it during the next reboot.

Step 5: Reboot and enroll the key

Reboot your system:

sudo reboot

During boot, the firmware will display a blue screen asking you to enroll the MOK (Machine Owner Key). Follow the prompts:

  • Select “Enroll MOK”
  • Select your key
  • Enter the password you set in Step 4
  • Reboot again

If you don’t see the MOK enrollment screen, check your BIOS/UEFI settings and ensure Secure Boot is enabled and configured to allow key enrollment.

Step 6: Verify the module is now loaded

After reboot, check that vboxdrv is loaded:

lsmod | grep vboxdrv

You should see the module listed. You can also verify your imported keys:

sudo keyctl list %:.system_keyring

VirtualBox should now launch without errors.

Signing modules after VirtualBox updates

Whenever you upgrade VirtualBox, the kernel module binary changes and must be signed again:

sudo /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)

If you lose your MOK.priv file, you’ll need to create a new key and re-enroll it. Store your private key somewhere secure and backed up.

Alternative: Disable Secure Boot (not recommended)

If you’re on a personal machine and want a simpler solution, you can disable Secure Boot in UEFI settings, but this reduces system security. The signing approach above is the proper solution for production systems.

Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *