VirtualBox 6.0.10 Adds UEFI Secure Boot Driver Signing On Ubuntu And Debian 10+ Hosts


VirtualBox 6.0.10 was released today, and while this is a maintenance release, with mostly bug fixes, it does come with an important addition: support for UEFI secure boot driver signing on Ubuntu and Debian 10+ hosts.

VirtualBox is a x86 and AMD64/Intel64 virtualization software that runs on Windows, Linux, macOS and Solaris, and supports a large number of guest operating systems, including Windows Linux, Solaris, OpenSolaris, OS/2 and OpenBSD.

A VirtualBox bug about secure boot driver signing not working on Linux was opened 6 years ago, and it has yet to be marked as completely fixed. With the latest 6.0.10 release though, VirtualBox supports UEFI Secure Boot driver signing on Ubuntu and Debian 10+ hosts, so users no longer need to manually sign the vbox kernel modules, or disable secure boot in order to run virtual machines.

Part of the problem is that any automatic way to sign kernel modules is probably only marginally safer than disabling signing altogether. Of course, it is hard to say for sure, just as it is hard to say for sure how much security benefit signing modules even provides, particularly on a desktop system.

The quote above is from a VirtualBox developer, posted as a comment on this bug report. He continues in a new comment:

This is fixed for Ubuntu as of the current 6.0 and trunk test builds. The reason it was possible to do it for Ubuntu is that they already provide a mechanism of their own for use with DKMS modules. The problems I mentioned in my last comment still apply, but since Ubuntu has decided to provide this themselves this was their decision not ours.

He also suggests anyone who wants this fixed for other Linux distributions to ask the distribution to provide a mechanism they can use.

Related: VirtualBox Guest Additions Installation In Ubuntu, Linux Mint, Debian, Fedora And openSUSE [How-To]

Other interesting changes in VirtualBox 6.0.10:

  • User interface: fix resize problems with recent Linux hosts
  • Linux hosts: fix focus grabbing problems with recent Qt versions
  • Linux guests: do not try to load old versions of libcrypt on recent guests in Guest Additions tools
  • Linux guests: udev rules for guest kernel modules did not always take effect in time
  • Linux guests/VMSVGA: do not forget the guest screen size after a guest reboot
  • USB: improve captured device identification
  • USB: Fixed "unrecoverable error" problems in OHCI emulation

The complete changelog can be read on the VirtualBox website in case you're interested.

Download VirtualBox

The VirtualBox downloads page offers the latest VirtualBox 6.0 (6.0.10 right now) for Windows, macOS, Linux and Solaris. There are Linux packages and repositories for Ubuntu, Debian, openSUSE, Fedora, Oracle Linux, Red Hat Enterprise Linux, and CentOS 7.

If you have the VirtualBox repository enabled on your system, all you have to do is install the virtualbox-6.0 package to get the latest version.