Created signing key in order to run VirtualBox on an UEFI machine, any security risks?

asked 2016-03-14 20:10:16 -0600

knel
75 ●3 ●4 ●10

I followed this tutorial to create my own signing key so I could run VirtualBox on a computer with a UEFI boot. Are there any security risks associated with creating my own signing key? I don't have an expert-level understanding of security concepts but it seems like creating my own key is something that could have consequences, so forgive me if this is a silly question.

edit retag flag offensive close merge delete

Comments

Wait wait. From what I understand you are a running a PC with UEFI firmware. Do you have Secure Boot activated? If not just install VirtualBox the standard way (e.g as described here).

florian ( 2016-03-15 09:38:06 -0600 )edit

yeah, I have secure boot activated. Why would the default option be that I don't?

knel ( 2016-03-15 13:03:53 -0600 )edit

Not saying that this is the default option. Just wanted to make sure you are not trying something you don't have to do. But since it is enabled you need to get your kernel and kernel modules signed...which makes things more secure but also a bit more complicated:

Check out this one here: https://ask.fedoraproject.org/en/ques...

Some background info: https://docs.fedoraproject.org/en-US/...

florian ( 2016-03-15 14:22:50 -0600 )edit

thanks, I used the same instructions in the guide at the eguilor domain in the ask.fedora question you linked. I just wondered, is there anything more I need to know about creating my own keys and signing a kernel module? It just seems like an advanced action requiring some caution.

knel ( 2016-03-15 18:41:24 -0600 )edit

add a comment

1

answered 2016-03-15 23:45:15 -0600

cmurf
1167 ●40 ●29

The alternative is to use Gnome Boxes (included in Fedora Workstation), or install virt-manager. These use qemu/kvm so the support is already built-in and doesn't need any kernel modules being signed.