Install Newer Versions of VirtualBox

From Kicksecure
Jump to navigation Jump to search

Otherversions-1695760640.jpg

Introduction[edit]

The virtualization platform is an essential component of a secure Kicksecure ™ system. A vulnerable virtualizer may provide opportunities for attackers to perform a breakout from a virtual machine in order to undo the security by isolation features that Kicksecure ™ provides. The decision to install an alternative virtualizer should not be taken lightly.

The two methods described below to install VirtualBox are safer than downloading, verifying, and installing binaries manually.

Recommended VirtualBox Version[edit]

Moved to recommended VirtualBox version.

Newer VirtualBox Version[edit]

Install VirtualBox from Debian Unstable[edit]

Ambox warning pn.svg.png Discouraged: Use the recommended VirtualBox version instead.

Ambox warning pn.svg.png Unknown if currently possible. [1]

Install from VirtualBox.org Repository[edit]

Ambox warning pn.svg.png Discouraged: Use the recommended VirtualBox version instead.

Ambox warning pn.svg.png Warning: this procedure will install a foreign software source.

The Free Support Principle applies to this procedure. The latest Oracle VirtualBox package information can be found here.

Note: after upgrading the VirtualBox host version, this can cause issues with the guest VMs such as broken VM size adjustment (full screen) [2] unless the VirtualBox guest additions are also upgraded inside your virtual machine (which is not covered in these instructions).

1. Add the Oracle apt sources list.

Make sure to change bullseye to the current name of your stable distribution.

sudo su -c "echo -e 'deb https://download.virtualbox.org/virtualbox/debian bullseye contrib' > /etc/apt/sources.list.d/oracle.list"

2. Add Oracle's signing key to APT keyring.

Securely download the key.

curl --tlsv1.3 --proto =https --location --remote-name-all --remote-header-name https://www.virtualbox.org/download/oracle_vbox_2016.asc

Display the key's fingerprint.

gpg --keyid-format long --import --import-options show-only --with-fingerprint oracle_vbox_2016.asc

Verify the fingerprint. Should show.

pub rsa4096/A2F683C52980AECF 2016-04-22 [SC]

Key fingerprint = B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
uid Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>

sub rsa4096/AD18C79D920E471F 2016-04-22 [E]

Ambox warning pn.svg.png Warning:

Do not continue if the fingerprint does not match -- this risks using infected or erroneous files! The whole point of verification is to confirm file integrity.

Add the signing key.

sudo cp oracle_vbox_2016.asc /etc/apt/trusted.gpg.d/oracle.gpg

3. Update the package lists.

sudo apt update

4. Install VirtualBox and Linux Kernel Headers, which are a dependency.

sudo apt install virtualbox-6.1 linux-headers-$(uname -r)

5. Mount the ISO in the guest virtual machine to install.

The VirtualBox Guest Additions ISO is included in the package. Instructions can be found here.

Footnotes[edit]

  1. Was not possible as of Debian buster. Dependencies such as for package glibc were too new. This meant a host of updated dependencies from Debian unstable wer pulled and mixed with Debian stable, often leading to many issues including system instability.
  2. Problems after upgrading Kicksecure ™ - cannot full size Kicksecure ™ screen


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.