Microsoft has confirmed the August 2024 Home windows safety updates are inflicting Linux booting points on dual-boot techniques with Safe Boot enabled.
The problem is brought on by a Safe Boot Superior Concentrating on (SBAT) replace utilized to dam Linux boot loaders unpatched in opposition to the CVE-2022-2601 GRUB2 Safe Boot bypass vulnerability.
“Ensuing from this subject, your machine may fail in addition Linux and present the error message ‘Verifying shim SBAT information failed: Safety Coverage Violation. One thing has gone severely flawed: SBAT self-check failed: Safety Coverage Violation,'” Microsoft defined.
“The August 2024 Home windows safety replace applies a Safe Boot Superior Concentrating on (SBAT) setting to gadgets that run Home windows to dam outdated, susceptible boot managers.”
The corporate added that the SBAT replace designed to dam susceptible UEFI shim bootloaders won’t be delivered to gadgets the place twin booting is detected.
Nevertheless, it additionally acknowledged that “the dual-boot detection didn’t detect some personalized strategies of dual-booting and utilized the SBAT worth when it shouldn’t have been utilized.”
As BleepingComputer reported on Tuesday, many Linux customers confirmed they had been affected following this month’s Patch Tuesday. They say that their techniques (working Ubuntu, Linux Mint, Zorin OS, Pet Linux, and different distros) stopped booting into Linux after putting in the August safety updates on the Home windows OS.
What for those who already up to date?
Linux customers who tried working round this identified subject say that advised options like deleting the SBAT coverage or wiping the Home windows set up, after which restoring Safe Boot to manufacturing facility settings won’t work on all affected gadgets.
The one verified method to revive any impacted system is to disable Safe Boot, set up the newest model of your favourite Linux distro, and re-enable Safe Boot.
Microsoft additionally offered a workaround for individuals who have not but accomplished the set up of the August 2024 safety updates by rebooting, which requires utilizing the next opt-out registry key to interrupt the deployment course of and cease the buggy updates from putting in:
reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecureBootSBAT /v OptOut /d 1 /t REG_DWORDThe corporate is investigating the difficulty with its Linux companions and can present an replace when extra particulars can be found.