Shortcut
If you would like to run a script to resolve your error check out my github: VMWare Module Signing Script
Otherwise, a step by step walkthrough is up next.
Problem
If your Ubunutu machine is using the Unified Extensible Firmware Interface (UEFI) with secure boot enabled and you start up a virtual machine on VMWare Workstation you will get the following error:
If you attempt to load the kernel module manually it will be rejected by a security feature called secure boot
You have a couple options:
- Disable secure boot and load the modules
- Enroll a Machine Owner Key (MOK) with secure boot and sign the modules yourself.
Let's walk through the second option in order to maintain the secure boot security feature.
Part 1 - Prerequisites
Open your shell and ensure you have the openssl and mokutil packages installed by running the following command:
sudo apt update && sudo apt install openssl mokutil
Part 2 - Generate the signing key
Create a directory for your signing key
mkdir ~/vmware-signing
Generate your signing keys by running the following command. They will be output in the directory you just created.
openssl req -new -x509 -newkey rsa:2048 -keyout ~/vmware-signing/MOK.priv -outform DER -out ~/vmware-signing/MOK.der -nodes -days 36500 -subj "/CN=VMware Module Signing/"
Part 3 - Enroll your key with secure boot
sudo mokutil --import ~/vmware-signing/MOK.der
This command will ask you to set a password. Record it because you will need it in the next step.
Reboot your computer and follow the steps on the prompt to enroll your keys
Part 4 - Sign the modules
Use the following commands to sign the modules
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ~/vmware-signing/MOK.priv ~/vmware-signing/MOK.der $(modinfo -n vmmon)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ~/vmware-signing/MOK.priv ~/vmware-signing/MOK.der $(modinfo -n vmnet)
Part 5 - Reload the modules
Use the following command to reload the modules
sudo modprobe -r vmmon vmnet && sudo modprobe vmmon vmnet