Based on consumer experiences following this month’s Patch Tuesday, the August 2024 Home windows updates are breaking twin boot on Linux methods with Safe Boot enabled.
This situation is brought on by Microsoft’s resolution to use a Safe Boot Superior Concentrating on (SBAT) replace to dam Linux boot loaders unpatched in opposition to the CVE-2022-2601 GRUB2 Safe Boot bypass vulnerability, which may “have an effect on Home windows safety.”
“The vulnerability assigned to this CVE is within the Linux GRUB2 boot loader, a boot loader designed to help Safe Boot on methods which are operating Linux,” Microsoft says in an advisory printed final week to handle this situation.
“It’s being documented within the Safety Replace Information to announce that the most recent builds of Home windows are not susceptible to this safety function bypass utilizing the Linux GRUB2 boot loader.
“The SBAT worth shouldn’t be utilized to dual-boot methods that boot each Home windows and Linux and mustn’t have an effect on these methods. You may discover that older Linux distribution ISOs won’t boot. If this happens, work together with your Linux vendor to get an replace.”
Nonetheless, whereas Redmond says that the SBAT replace that blocks susceptible UEFI shim bootloaders mustn’t affect dual-boot methods in any method, many Linux users say that their methods (operating Ubuntu, Linux Mint, Zorin OS, Pet Linux, and different distros) not boot after putting in the August 2024 Home windows updates on the Home windows OS.
These affected see “Verifying shim SBAT information failed: Safety Coverage Violation. One thing has gone significantly unsuitable: SBAT self-check failed: Safety Coverage Violation” errors, and, for some, the gadgets may also immediately shut down.
At present, there isn’t any definitive listing of Linux distributions and variations affected by this identified situation and Linux customers who tried working across the situation say that deleting the SBAT coverage or wiping the Home windows set up and restoring Safe Boot to manufacturing facility settings won’t work.
The one obvious technique to revive the system is to disable Safe Boot, set up the most recent model of their favourite Linux distro, and re-enable Safe Boot.
Microsoft has but to acknowledge that putting in this month’s Patch Tuesday replace could render dual-boot methods unable as well.