Every upgrade to VMware Workstation on Linux, from my experience, has resulted in it needing to replace it's kernel modules
vmnet. This is great and all but I run Ubuntu with secure boot enabled so every kernel module that's loaded needs to be signed to run. Most of the ones for Ubuntu packages are signed already so work out of the box. However VMware ones are not.
This means when I start a VM after the upgrade, I get a message like this.
At this point I try to load the kernel module manually to see if secure boot is the culprit.
$ sudo modprobe -v vmmon insmod /lib/modules/4.15.0-39-generic/misc/vmmon.ko modprobe: ERROR: could not insert 'vmmon': Required key not available
Yup, the kernel module isn't signed.
Signing the VMware Workstation Kernel Modules
Let's sign them, and all should work as usual.
As I had to sign them manually when I first installed VMware I have already been through the process of generating a signing certificate (and key) to be used as a MOK (Machine Owner Key) and enrolling it into my BIOS so any binaries signed with it are allowed to run in kernel space.
If you haven't already got this setup you will need to follow another guide on generating the keys and enrolling them into your BIOS - this will require a reboot.
First we need to find where
vmnet are stored on disk so we can sign them.
$ modinfo vmmon filename: /lib/modules/4.15.0-39-generic/misc/vmmon.ko supported: external license: GPL v2 description: VMware Virtual Machine Monitor. author: VMware, Inc. srcversion: 34124618DC56E0D8F01F9F7 depends: retpoline: Y name: vmmon vermagic: 4.15.0-39-generic SMP mod_unload
The first line is the only one of interest here.
$ modinfo vmnet filename: /lib/modules/4.15.0-39-generic/misc/vmnet.ko ...
Then we can sign the binaries. Replace
<path from modinfo> with the
modinfo. You also will need to change
.der to your signing certificate files.
$ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 vmware-MOK.priv vmware-MOK.der <path from modinfo>
This command needs to be run twice, once for the path to
vmmon.ko and again for
Finally we can load the new binaries.
$ sudo modprobe -v vmmon insmod /lib/modules/4.15.0-39-generic/misc/vmmon.ko $ sudo modprobe -v vmnet insmod /lib/modules/4.15.0-39-generic/misc/vmnet.ko
Now you can start VMs, but network adapters won't be connected as the network service hasn't been started. If you boot a VM and try to connect it's network adapter you'll get an error like this.
To enable networking is as simple as starting the service.
$ sudo vmware-networks --start Started Bridge networking on vmnet0 Enabled hostonly virtual adapter on vmnet1 Started DHCP service on vmnet1 Started NAT service on vmnet8 Enabled hostonly virtual adapter on vmnet8 Started DHCP service on vmnet8 Started all configured services on all networks
Everything should now just work!