In keeping with person reviews following this month’s Patch Tuesday, the August 2024 Home windows safety updates are breaking twin boot on some Linux programs with Safe Boot enabled.
This situation is brought on by Microsoft’s resolution to use a Safe Boot Superior Concentrating on (SBAT) replace to dam Linux boot loaders unpatched towards the CVE-2022-2601 GRUB2 Safe Boot bypass vulnerability, which may “have an impact on Windows security.”
“The vulnerability assigned to this CVE is in the Linux GRUB2 boot loader, a boot loader designed to support Secure Boot on systems that are running Linux,” Microsoft says in an advisory printed final week to deal with this situation.
“It’s being documented within the Safety Replace Information to announce that the newest builds of Home windows are now not susceptible to this safety characteristic bypass utilizing the Linux GRUB2 boot loader.
“The SBAT value is not applied to dual-boot systems that boot both Windows and Linux and should not affect these systems. You might find that older Linux distribution ISOs will not boot. If this occurs, work with your Linux vendor to get an update.”
Nevertheless, whereas Redmond says that the SBAT replace that blocks susceptible UEFI shim bootloaders shouldn’t affect dual-boot programs in any manner, many Linux customers say that their programs (operating Ubuntu, Linux Mint, Zorin OS, Pet Linux, and different distros) now not boot after putting in the August 2024 Home windows updates on the Home windows OS.
These affected see “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation” errors, and, for some, the units will even instantly shut down.
At present, there isn’t any definitive record of Linux distributions and variations affected by this recognized situation and Linux customers who tried working across the situation say that deleting the SBAT coverage or wiping the Home windows set up and restoring Safe Boot to manufacturing facility settings is not going to work.
The one obvious method to revive the machine is to disable Safe Boot, set up the newest model of their favourite Linux distro, and re-enable Safe Boot.
Microsoft has but to acknowledge that putting in this month’s Patch Tuesday replace might render dual-boot programs unable besides.
