1

After installing RHEL 8 with the required libraries and signed vmmon & vmnet, then imported the mok I am still unable to run a virtual machine in VMWare Workstation (the same goes for VMWare Player) This is how I am signing vmmon and vmnet:

openssl req -new -x509 -newkey rsa:2048 -keyout VMWare.priv -outform DEF -out VMWare.der -nodes -days 36500 -subj "/CN=VMware/"

/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./VMWare.priv ./VMWare.der $(modinfo -n vmmon)
/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./VMWare.priv ./VMWare.der $(modinfo -n vmnet)


mokutil --import VMWare.der

I successfully import VMWare.der on reboot but I still get the following error:

Could not open /dev/vmmon: No such file or directory. Please make sure that the kernel module `vmmon' is loaded.

Thanks

Graham Harris

Update 1:

I have reverted back to RHEL 7.8, updated, and signed the VMMON & VMNET files, got "Can't read private key", imported the MOK and the installation was borked.

Update 2: On the boot screen the system says

Red Hat Enterprise Linux Server (3.10.0-1127.e17.x86_64) 7.8 (Maipo)

If I update to the latest that is when the system cannot get past the UEFI splash screen.

Update 2

Switched back to RHEL 8, and after importing the MOK I run mokutil -l and the key is not found.

However a recent search found this article on git MOK enrollment silently fails #105

Summary of the issue:

When writing MokList with EFI_VARIABLE_APPEND_WRITE, some HP laptops may just return EFI_SUCCESS without writing the content into the flash, so we have no way to detect if MokList is updated or not. Now we always read MokList first and write it back with the new content.

Graham Harris
  • 121
  • 4

2 Answers2

0

After many attempts (even after looking at the source of MOKUTIL) I have disabled secure boot on the UEFI boot settings on the computer and VMWare worked. This is the configuration that allows me to run VMWare on RHEL 8. Using BIOS Mode to boot still requires the drivers to be signed, however, disabling secure mode for UEFI boot mode vmmon and vmnet do not need to be sigend.

For those who want to know the BIOS information here they are, to get this information I used sudo dmidecode :

# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 2.7 present.
---%<-------------

BIOS Information
    Vendor: Dell Inc.
    Version: A05
    Release Date: 07/26/2012
    Address: 0x00000
    Runtime Size: 64 kB
    ROM Size: 8 MB
    Characteristics:
        PCI is supported
        BIOS is upgradeable
        BIOS shadowing is allowed
        Boot from CD is supported
        Selectable boot is supported
        BIOS ROM is socketed
        EDD is supported
        5.25"/1.2 MB floppy services are supported (int 13h)
        3.5"/720 kB floppy services are supported (int 13h)
        3.5"/2.88 MB floppy services are supported (int 13h)
        Print screen service is supported (int 5h)
        8042 keyboard services are supported (int 9h)
        Serial services are supported (int 14h)
        Printer services are supported (int 17h)
        ACPI is supported
        USB legacy is supported
        BIOS boot specification is supported
        Targeted content distribution is supported
        UEFI is supported
    BIOS Revision: 4.6


---%&lt;-------------
Graham Harris
  • 121
  • 4
0

I'm running Fedora 36, and I was able to get VMware to boot up a virtual machine without needing to disable secure boot.

I followed the steps from this VMware knowledge base article.

However, I was not able to follow step 2 because I do not have /usr/src/linux-headers because I installed "Development Tools" and "Development Libraries" as suggested by this answer.

Instead, I scrolled down to the Related Information section from that VMware knowledge base article and signed the kernel files at /usr/src/kernels/.

For the mokutil public key importing step, I needed superuser privileges. Note this step involves creating a new password.

And most importantly, for the MOK enrollment screen to show up in the UEFI console, I needed to use the command reboot from my terminal as opposed to restarting the computer from the start menu. I followed the steps in the UEFI console which prompted for the new password that I created when I imported the public key to the system's MOK list. These steps eventually prompted me to reboot my computer again, which I did.

And voila! I am now able to run my Kali VM on VMware.

FriskySaga
  • 111
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. – Community Jan 02 '23 at 21:18