sudo update-secureboot-policy --new-key
find $(dirname $(modinfo -n vboxdrv)) -name "*.ko" -exec sudo kmodsign sha512 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der {} \;
sudo update-secureboot-policy --enroll-key

Generate a key for signing your kernel modules:

openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=DKMS signing key/"

sudo mokutil --import MOK.der

sudo mv MOK.* /root/

Reboot and add the key

You will be presented a blue text screen. Choose “Enroll MOK”, then you can choose to view your key or just “Continue”. Choose “Yes” and input the password from before. Your key should be added now and you can reboot.

Sign the virtualbox kernel modules

find $(dirname $(modinfo -n vboxdrv)) -name "*.ko" -exec sudo kmodsign sha512 /root/MOK.priv /root/MOK.der {} \;

Load the kernel modules

modprobe vboxdrv