Microsoft has actually supplied a workaround to momentarily repair a recognized concern that is obstructing Linux from booting on dual-boot systems with Secure Boot made it possible for.
The business states this short-lived repair can assist Linux users restore unbootable systems showing “Something has actually gone seriously incorrect: SBAT self-check stopped working: Security Policy Violation” mistakes after setting up the August 2024 Windows security updates.
Lots of Linux users validated they were impacted by this recognized concern following this month’s Patch Tuesday, as BleepingComputer reported on Tuesday.
Those impacted stated that their systems (running a large range of distros, consisting of however not restricted to Ubuntu, Linux Mint, Zorin OS, and Puppy Linux) stopped booting into Linux after installing this month’s Windows cumulative updates.
The concern is set off by a Secure Boot Advanced Targeting (SBAT) upgrade created to obstruct UEFI shim bootloaders susceptible to exploits targeting the CVE-2022-2601 GRUB2 Secure Boot bypass. When it launched the upgrade, Microsoft stated the upgrade would not be provided to gadgets where double booting is spotted.
After acknowledging the concern this week, it likewise verified that “the dual-boot detection did not find some personalized approaches of dual-booting and used the SBAT worth when it need to not have actually been used.”
Linux boot broken after Windows security upgrade (Ok_Work_5257)
For those who have actually currently set up the August 2024 Windows updates and can no longer boot Linux on their dual-boot gadgets, Microsoft advises erasing the SBAT upgrade and making sure that future SBAT updates will no longer be set up.
To do that, you will need to go through the following treatment:
- Disable Secure Boot after booting into your gadget’s firmware settings (this needs various actions for each producer).
- Erase the SBAT upgrade by booting Linux and running the sudo mokutil– set-sbat-policy erase command and rebooting.
- Confirm SBAT cancellations by running the mokutil– list-sbat-revocations command and guaranteeing it’s empty.
- Re-enable Secure Boot from your gadget’s firmware settings.
- Examine the Secure Boot status by booting into Linux, running the mokutil– sb-state command, and guaranteeing the output is “SecureBoot allowed.” If not, retry the 4th action.
- Avoid Future SBAT Updates in Windows by running the following command from a Command Prompt window as Administrator: reg include HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control SecureBoot SBAT/ v OptOut/ d 1/ t REG_DWORD
“At this point, you ought to now have the ability to boot into Linux or Windows as previously. It’s a great time to set up any pending Linux updates to guarantee your system is safe and secure,” Microsoft stated.
The business is still examining the concern with the aid of Linux partners and will offer more updates when brand-new info is offered.