​Microsoft has supplied a workaround to briefly repair a identified situation that’s blocking Linux from booting on dual-boot programs with Safe Boot enabled.
The corporate says this non permanent repair can assist Linux customers revive unbootable programs displaying “Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation” errors after putting in the August 2024 Home windows safety updates.
Many Linux customers confirmed they have been affected by this identified situation following this month’s Patch Tuesday, as BleepingComputer reported on Tuesday.Â
These affected stated that their programs (working a variety of distros, together with however not restricted to Ubuntu, Linux Mint, Zorin OS, and Pet Linux) stopped booting into Linux after putting in this month’s Home windows cumulative updates.
The difficulty is triggered by a Safe Boot Superior Focusing on (SBAT) replace designed to dam UEFI shim bootloaders susceptible to exploits focusing on the CVE-2022-2601 GRUB2 Safe Boot bypass. When it launched the replace, Microsoft stated the replace wouldn’t be delivered to gadgets the place twin booting is detected.
Nonetheless, after acknowledging the difficulty this week, it additionally confirmed that “the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.”
​For many who have already put in the August 2024 Home windows updates and may not boot Linux on their dual-boot gadgets, Microsoft recommends deleting the SBAT replace and making certain that future SBAT updates will not be put in.
To do this, you’ll have to undergo the next process:
- Disable Safe Boot after booting into your machine’s firmware settings (this requires completely different steps for each producer).
- Delete the SBAT replace by booting Linux and working the
sudo mokutil --set-sbat-policy deletecommand and rebooting. - Confirm SBAT revocations by working the
mokutil --list-sbat-revocationscommand and making certain it is empty. - Re-enable Safe Boot out of your machine’s firmware settings.
- Examine the Safe Boot standing by booting into Linux, working the
mokutil --sb-statecommand, and making certain the output is “SecureBoot enabled.” If not, retry the 4th step. - Forestall Future SBAT Updates in Home windows by working the next command from a Command Immediate window as Administrator:
reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecureBootSBAT /v OptOut /d 1 /t REG_DWORD
“At this point, you should now be able to boot into Linux or Windows as before. It’s a good time to install any pending Linux updates to ensure your system is secure,” Microsoft stated.
The corporate remains to be investigating the difficulty with the assistance of Linux companions and can present extra updates when new data is accessible.
