August 21, 2024 at 11:05AM
August 2024 Windows security updates are causing issues for dual-boot on some Linux systems with Secure Boot enabled. Microsoft applied a Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 vulnerability, impacting various Linux distributions. The affected users are experiencing “Verifying shim SBAT data failed” errors and immediate shutdowns.
The August 2024 Windows security updates are causing dual-boot issues for some Linux users. Microsoft applied a Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability. This decision was made to address a security feature bypass using the Linux GRUB2 boot loader.
Despite Microsoft’s assurance that the SBAT update should not impact dual-boot systems, many Linux users have reported that their systems no longer boot after installing the August 2024 Windows updates. They are encountering “Verifying shim SBAT data failed: Security Policy Violation” errors and, in some cases, their devices are immediately shutting down.
At this time, there is no definitive list of affected Linux distributions and versions, and attempts to work around the issue by deleting the SBAT policy or restoring Secure Boot to factory settings have been unsuccessful. The only current solution appears to be disabling Secure Boot, installing the latest version of the Linux distro, and then re-enabling Secure Boot.
It is also noted that Microsoft has not yet acknowledged that the installation of this month’s Patch Tuesday update may render dual-boot systems unable to boot.
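The SBAT check behind the “Security Policy Violation” error compares the generation number each boot component declares in its `.sbat` section against the minimum generation in the firmware's SBAT policy. The sketch below is an added example, not code from Microsoft or the shim project; the sample data, the generation levels and the function names are constructed for illustration.

```python
import csv
import io

# Constructed .sbat contents for a hypothetical GRUB2 build (not from a real binary).
OLD_GRUB_SBAT = """\
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,1,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/
grub.example,1,Example Distro,grub2,2.04-1,https://example.org/grub2
"""

# The same hypothetical build after the distro bumped its upstream generation.
NEW_GRUB_SBAT = OLD_GRUB_SBAT.replace("grub,1,Free", "grub,3,Free")

# Constructed SBAT policy: header line, then "component,minimum generation".
# The levels here are illustrative, not the ones any vendor shipped.
SBAT_POLICY = """\
sbat,1,2024010100
grub,3
"""


def parse_generations(text):
    """Map component name -> generation for .sbat data or an SBAT policy."""
    generations = {}
    for row in csv.reader(io.StringIO(text)):
        # Both formats put the name in field 0 and the generation in field 1;
        # blank or malformed rows are skipped.
        if len(row) >= 2 and row[1].strip().isdigit():
            generations[row[0].strip()] = int(row[1])
    return generations


def revoked_components(image_sbat, policy):
    """Return (component, image_generation, required_generation) for each
    component whose generation is below the policy minimum."""
    image = parse_generations(image_sbat)
    required = parse_generations(policy)
    return sorted(
        (name, gen, required[name])
        for name, gen in image.items()
        if name in required and gen < required[name]
    )


if __name__ == "__main__":
    for label, sbat in (("old build", OLD_GRUB_SBAT), ("new build", NEW_GRUB_SBAT)):
        blocked = revoked_components(sbat, SBAT_POLICY)
        print(label, "-> blocked:" if blocked else "-> allowed", blocked)
```

A component that does not appear in the policy is never rejected by this check, which is why a vendor-specific entry such as `grub.example` passes here while the upstream `grub` entry decides the outcome.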