VMWare Workstation Pro on Secure Boot Ubuntu

Written by James McDonald

September 30, 2021

I enabled secure boot on my Ubuntu 20.04 workstation running VMWare Workstation Pro.

Problem: Every time the kernel is upgraded VMWare cannot load its unsigned kernel modules

Cause: Secure boot means that all kernel modules have to be marked as trusted by the secure boot module before the kernel can load them

Check if secure boot is enabled

sudo mokutil --sb-state?
# output when enabled
SecureBoot enabled

If mokutil is missing

sudo apt install mokutil

You need to create a couple of certificates and import them as per the vmware article


Create a private and public key to sign your vmware modules

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=VMware/"
# sign the compiled modules DO THIS AFTER COMPILING THE MODULE (i.e. after you click the install button and it says it failed to insert the kernel modules)
sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmmon)
sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vmnet)
# install public key 
mokutil --import MOK.der

The module signing part as a script:

# filename: signModules.sh
# cd to where you store the MOK.priv MOK.der certs
# run this as root e.g. sudo sh ./signModules.sh
for i in vmmon vmnet
    echo Signing $i
    sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n $i)


Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…