0

Created signing key in order to run VirtualBox on a UEFI machine, any security risks?

asked 2016-03-14 20:10:16 -0600

knel

I followed this tutorial to create my own signing key so I could run VirtualBox on a computer with a UEFI boot. Are there any security risks associated with creating my own signing key? I don't have an expert-level understanding of security concepts but it seems like creating my own key is something that could have consequences, so forgive me if this is a silly question.


Comments

Wait wait. From what I understand you are running a PC with UEFI firmware. Do you have Secure Boot activated? If not, just install VirtualBox the standard way (e.g. as described here).

florian ( 2016-03-15 09:38:06 -0600 )

Yeah, I have Secure Boot activated. Why would the default option be that I don't?

knel ( 2016-03-15 13:03:53 -0600 )

Not saying that this is the default option. Just wanted to make sure you are not trying something you don't have to do. But since it is enabled you need to get your kernel and kernel modules signed...which makes things more secure but also a bit more complicated:

Check out this one here: https://ask.fedoraproject.org/en/ques...

Some background info: https://docs.fedoraproject.org/en-US/...

florian ( 2016-03-15 14:22:50 -0600 )

Thanks, I used the same instructions in the guide at the eguilor domain in the ask.fedora question you linked. I just wondered, is there anything more I need to know about creating my own keys and signing a kernel module? It just seems like an advanced action requiring some caution.

knel ( 2016-03-15 18:41:24 -0600 )

2 Answers

1

answered 2016-03-15 23:45:15 -0600

cmurf

The alternative is to use GNOME Boxes (included in Fedora Workstation), or install virt-manager. These use qemu/kvm, so the support is already built in and doesn't need any kernel modules to be signed.

0

answered 2016-03-15 14:24:15 -0600

florian

You need to get your vbox kernel modules signed. Please follow the instructions from here: https://ask.fedoraproject.org/en/ques...


Last updated: Mar 15 '16