Microsoft has offered a workaround to briefly repair a identified challenge that’s blocking Linux from booting on dual-boot programs with Safe Boot enabled.
The corporate says this non permanent repair will help Linux customers revive unbootable programs displaying “One thing has gone critically incorrect: SBAT self-check failed: Safety Coverage Violation” errors after putting in the August 2024 Home windows safety updates.
Many Linux customers confirmed they had been affected by this identified challenge following this month’s Patch Tuesday, as BleepingComputer reported on Tuesday.
These affected stated that their programs (working a variety of distros, together with however not restricted to Ubuntu, Linux Mint, Zorin OS, and Pet Linux) stopped booting into Linux after putting in this month’s Home windows cumulative updates.
The difficulty is triggered by a Safe Boot Superior Focusing on (SBAT) replace designed to dam UEFI shim bootloaders weak to exploits concentrating on the CVE-2022-2601 GRUB2 Safe Boot bypass. When it launched the replace, Microsoft stated the replace wouldn’t be delivered to gadgets the place twin booting is detected.
Nevertheless, after acknowledging the problem this week, it additionally confirmed that “the dual-boot detection didn’t detect some custom-made strategies of dual-booting and utilized the SBAT worth when it shouldn’t have been utilized.”
For many who have already put in the August 2024 Home windows updates and may not boot Linux on their dual-boot gadgets, Microsoft recommends deleting the SBAT replace and guaranteeing that future SBAT updates will not be put in.
To try this, you’ll have to undergo the next process:
- Disable Safe Boot after booting into your gadget’s firmware settings (this requires totally different steps for each producer).
- Delete the SBAT replace by booting Linux and working the
sudo mokutil --set-sbat-policy deletecommand and rebooting. - Confirm SBAT revocations by working the
mokutil --list-sbat-revocationscommand and guaranteeing it is empty. - Re-enable Safe Boot out of your gadget’s firmware settings.
- Verify the Safe Boot standing by booting into Linux, working the
mokutil --sb-statecommand, and guaranteeing the output is “SecureBoot enabled.” If not, retry the 4th step. - Stop Future SBAT Updates in Home windows by working the next command from a Command Immediate window as Administrator:
reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecureBootSBAT /v OptOut /d 1 /t REG_DWORD
“At this level, you need to now be capable of boot into Linux or Home windows as earlier than. It is a good time to put in any pending Linux updates to make sure your system is safe,” Microsoft stated.
The corporate continues to be investigating the problem with the assistance of Linux companions and can present extra updates when new info is obtainable.