August 20, 2024 at 12:35PM
The August 2024 Windows updates are causing boot issues on dual-boot Linux systems with Secure Boot enabled. Microsoft’s Secure Boot Advanced Targeting (SBAT) update is blocking Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability, affecting various distros. Users may need to disable Secure Boot, update Linux, and re-enable Secure Boot. Microsoft has not acknowledged the problem.
The problem stems from Microsoft’s decision to apply the Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability. As a result, many Linux users are experiencing boot failures with various distributions, such as Ubuntu, Linux Mint, Zorin OS, and Puppy Linux, after installing the August updates on Windows.
Despite Microsoft’s advisory stating that the SBAT update should not affect dual-boot systems, users are encountering “Verifying shim SBAT data failed: Security Policy Violation” errors, leading to immediate shutdowns of their devices. Attempts to work around the issue by deleting the SBAT policy or restoring Secure Boot to factory settings have proven ineffective; it appears that the only solution is to disable Secure Boot, install the latest version of the preferred Linux distribution, and then re-enable Secure Boot.
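The generation comparison behind the "Security Policy Violation" error, as an added example that is not part of the original article: it parses a boot loader's SBAT metadata and the firmware's SBAT revocation level and reports which components fall below the required generation. The CSV layout follows shim's SBAT.md; all sample names, versions and generation numbers are constructed assumptions.

```python
import csv
import io

# Constructed samples (not taken from the article). Each row begins with
# component_name,generation as described in shim's SBAT.md.
OLD_SHIM_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "shim,2,UEFI shim,shim,1,https://github.com/rhboot/shim\n"
    "shim.example,1,Example Distro,shim,0.0-example,https://example.invalid/\n"
)
NEW_SHIM_SBAT = OLD_SHIM_SBAT.replace("shim,2,UEFI", "shim,4,UEFI")

# Constructed revocation level of the kind a Windows or Linux update can
# write to firmware: the minimum generation accepted per component.
SBAT_LEVEL = "sbat,1,2024010100\nshim,4\ngrub,3\n"


def parse_sbat(text):
    """Return {component_name: generation} from SBAT CSV text."""
    levels = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[1].strip().isdigit():
            continue  # skip blank or malformed rows
        levels[row[0].strip()] = int(row[1])
    return levels


def revoked_components(image_sbat, sbat_level):
    """List (name, image_generation, required_generation) for every
    component whose generation is below the revocation level. A
    non-empty result means the image would be refused under Secure Boot.
    Components absent from the revocation level are not restricted."""
    image = parse_sbat(image_sbat)
    policy = parse_sbat(sbat_level)
    return sorted(
        (name, gen, policy[name])
        for name, gen in image.items()
        if name in policy and gen < policy[name]
    )


if __name__ == "__main__":
    for label, sbat in (("old shim", OLD_SHIM_SBAT), ("new shim", NEW_SHIM_SBAT)):
        failing = revoked_components(sbat, SBAT_LEVEL)
        print(label, "->", failing if failing else "meets revocation level")
```

Running the same comparison against the updated distribution's boot loader before re-enabling Secure Boot shows whether the reinstall actually raised the generation past the level now stored in firmware.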
It is worth noting that there is currently no comprehensive list of affected Linux distributions and versions. Additionally, Microsoft has not yet acknowledged that the Patch Tuesday update may result in dual-boot systems being unable to boot. Therefore, it is essential to keep a close watch on developments and seek out further information from Microsoft and Linux vendors to address this issue.