0

As is generally known, naively installing and starting VirtualBox 5.2.4 on Ubuntu 16.04 runs into a Secure Boot issue:

    $ virtualbox
    WARNING: The vboxdrv kernel module is not loaded. Either there is no module
             available for the current kernel (4.10.0-42-generic) or it failed to
             load. Please recompile the kernel module and install it by

           sudo /sbin/vboxconfig

         You will not be able to start VMs until this problem is fixed

Thus, I am trying to make VirtualBox work with Secure Boot enabled. Basically, I followed posts using mokutil: https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail/

But on my ASUS QT425Q, with secure boot enabled and fast boot disabled, after I import the public key and set the passcode,

    # mokutil --import /root/module-signing/MOK.der
      input password:
      input password again:

the MOK manager utility won't show up on reboot. And I can enroll the key. Could anyone help me figure out what is happening? Thanks!

2017561-1
  • 420

2 Answers

1

At last, I solved this problem by reordering the boot order, with help from the mokutil author lcp. Following this post fixed the issue: https://github.com/lcp/mokutil/issues/11#issuecomment-356159399

1. Check whether MOK files exist.

   $ sudo -i
   # cd /sys/firmware/efi/efivars
   # ls Mok*
   MokAuth-605dab50-e046-4300-abb6-3dd810dd8b23
   MokNew-605dab50-e046-4300-abb6-3dd810dd8b23
   MokSB-605dab50-e046-4300-abb6-3dd810dd8b23

2. Check the order of the boot.

   # efibootmgr -v
   BootCurrent: 0000
   Timeout: 2 seconds
   BootOrder: 0000,0001,0002
   Boot0000* ubuntu HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\UBUNTU\GRUBX64.EFI)
   Boot0001* Windows Boot Manager   HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\MICROSOFT\BOOT\BOOTMGFW.EFI)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...d................
   Boot0002* ubuntu HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\UBUNTU\SHIMX64.EFI)..BO

3. Reorder the boots.

   So in the previous printout, for instance, we need to swap Boot0000* with Boot0002*.

   # efibootmgr -o 0002,0001,0000
   # efibootmgr -v
   BootCurrent: 0002
   Timeout: 2 seconds
   BootOrder: 0002,0001,0000
   Boot0000* ubuntu    HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\UBUNTU\GRUBX64.EFI)
   Boot0001* Windows Boot Manager  HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\MICROSOFT\BOOT\BOOTMGFW.EFI)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...d................
   Boot0002* ubuntu    HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\UBUNTU\SHIMX64.EFI)..BO

4. Now reboot, and the MOK manager should show up on boot.

Hope this can help others.

2017561-1
  • 420
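
The check from steps 2 and 3 of the answer above, as an added example that is not part of the original posts: it parses `efibootmgr -v` output, reports which loader the first BootOrder entry starts, and prints the order with the shim entry swapped to the front. The sample output is constructed from the answer's listing (Windows optional data trimmed), and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the posts); functions read `efibootmgr -v` on stdin.

# Print "<bootnum> <loader path>" for the first entry in BootOrder.
first_boot_entry() {
  awk '
    /^BootOrder:/ { split($2, order, ","); first = order[1] }
    $1 ~ /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]\*?$/ {
      if (match($0, /File\([^)]*\)/))
        loader[substr($1, 5, 4)] = substr($0, RSTART + 5, RLENGTH - 6)
    }
    END { print first, loader[first] }'
}

# Print a BootOrder in which the first shim entry is swapped to the front.
shim_first_order() {
  awk '
    /^BootOrder:/ { n = split($2, order, ",") }
    $1 ~ /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]\*?$/ {
      if (shim == "" && toupper($0) ~ /SHIM[A-Z0-9]*\.EFI/) shim = substr($1, 5, 4)
    }
    END {
      if (shim == "") exit 1          # no shim entry at all
      for (i = 1; i <= n; i++)
        if (order[i] == shim) { order[i] = order[1]; order[1] = shim; break }
      out = (order[1] == shim) ? "" : shim ","   # shim not in BootOrder: prepend
      for (i = 1; i <= n; i++) out = out order[i] (i < n ? "," : "")
      print out
    }'
}

# Constructed sample modelled on the answer (Windows optional data trimmed).
sample_output() {
  cat <<'EOF'
BootCurrent: 0000
Timeout: 2 seconds
BootOrder: 0000,0001,0002
Boot0000* ubuntu HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\UBUNTU\GRUBX64.EFI)
Boot0001* Windows Boot Manager HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\MICROSOFT\BOOT\BOOTMGFW.EFI)
Boot0002* ubuntu HD(1,GPT,dabc2835-8f96-4429-ba98-3abadcfcaa57,0x800,0x82000)/File(\EFI\UBUNTU\SHIMX64.EFI)..BO
EOF
}

# On a real system, pipe `efibootmgr -v` in instead of sample_output.
entry=$(sample_output | first_boot_entry)
case "$entry" in
  *SHIM*|*shim*) printf '%s\n' "OK: first entry $entry goes through shim" ;;
  *) printf '%s\n' "Entry $entry skips shim; try: efibootmgr -o $(sample_output | shim_first_order)" ;;
esac
```

MokManager is started by shim when a pending request such as `MokNew` exists, so an entry that loads `GRUBX64.EFI` directly never reaches it.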
0

It's not necessary to call up the Mok tool. Just sign the kernel module with sha256:

    /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 <key> <x509> /lib/modules/`uname -r`/misc/vboxdrv.ko
    /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 <key> <x509> /lib/modules/`uname -r`/misc/vboxnetadp.ko
    /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 <key> <x509> /lib/modules/`uname -r`/misc/vboxnetflt.ko
    /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 <key> <x509> /lib/modules/`uname -r`/misc/vboxpci.ko

Then reinstall the modules to the kernel.

funicorn
  • 3,866