Could not open vmmon after VMware Workstation Update

VMware Nov 23, 2018

Every upgrade to VMware Workstation on Linux, from my experience, has resulted in it needing to replace it's kernel modules vmmon and vmnet. This is great and all but I run Ubuntu with secure boot enabled so every kernel module that's loaded needs to be signed to run. Most of the ones for Ubuntu packages are signed already so work out of the box. However VMware ones are not.

This means when I start a VM after the upgrade, I get a message like this.

At this point I try to load the kernel module manually to see if secure boot is the culprit.

$ sudo modprobe -v vmmon
insmod /lib/modules/4.15.0-39-generic/misc/vmmon.ko 
modprobe: ERROR: could not insert 'vmmon': Required key not available

Yup, the kernel module isn't signed.

Signing the VMware Workstation Kernel Modules

Let's sign them, and all should work as usual.

As I had to sign them manually when I first installed VMware I have already been through the process of generating a signing certificate (and key) to be used as a MOK (Machine Owner Key) and enrolling it into my BIOS so any binaries signed with it are allowed to run in kernel space.

If you haven't already got this setup you will need to follow another guide on generating the keys and enrolling them into your BIOS - this will require a reboot.

First we need to find where vmmon and vmnet are stored on disk so we can sign them.

$ modinfo vmmon
filename:       /lib/modules/4.15.0-39-generic/misc/vmmon.ko
supported:      external
license:        GPL v2
description:    VMware Virtual Machine Monitor.
author:         VMware, Inc.
srcversion:     34124618DC56E0D8F01F9F7
retpoline:      Y
name:           vmmon
vermagic:       4.15.0-39-generic SMP mod_unload 

The first line is the only one of interest here.

$ modinfo vmnet
filename:       /lib/modules/4.15.0-39-generic/misc/vmnet.ko

Then we can sign the binaries. Replace <path from modinfo> with the filename from modinfo. You also will need to change vmware-MOK.priv and .der to your signing certificate files.

$ sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 vmware-MOK.priv vmware-MOK.der <path from modinfo>

This command needs to be run twice, once for the path to vmmon.ko and again for vmnet.ko.

Finally we can load the new binaries.

$ sudo modprobe -v vmmon
insmod /lib/modules/4.15.0-39-generic/misc/vmmon.ko
$ sudo modprobe -v vmnet
insmod /lib/modules/4.15.0-39-generic/misc/vmnet.ko

Now you can start VMs, but network adapters won't be connected as the network service hasn't been started. If you boot a VM and try to connect it's network adapter you'll get an error like this.

To enable networking is as simple as starting the service.

$ sudo vmware-networks --start
Started Bridge networking on vmnet0
Enabled hostonly virtual adapter on vmnet1
Started DHCP service on vmnet1
Started NAT service on vmnet8
Enabled hostonly virtual adapter on vmnet8
Started DHCP service on vmnet8
Started all configured services on all networks

Everything should now just work!


Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.