Microsoft Windows Update Disrupts Dual-Boot Linux Systems, Causes Errors

In a recent turn of events, a Windows update from Microsoft has inadvertently caused significant disruptions for users who dual-boot Linux alongside Windows. Reports have surfaced detailing error messages such as "Verifying shim SBAT data failed: Security Policy Violation" and "Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation." These issues are affecting a variety of Linux distributions, including Ubuntu, Debian, Linux Mint, Zorin OS, and Puppy Linux.

Understanding the Update's Impact

The update was initially intended to address a vulnerability that allowed malicious actors to circumvent Secure Boot, a security feature designed to prevent unauthorized firmware from loading during the boot process. To implement this fix, Microsoft introduced an SBAT (Secure Boot Advanced Targeting) update. However, this update was not meant for dual-boot systems, leading to the current complications.

While Microsoft has not yet publicly commented on the situation, a workaround has been identified for Ubuntu users facing these issues. The following steps outline the solution:

Access the BIOS and disable Secure Boot (the method for doing this varies by PC manufacturer).
Log into a user account that has sudo privileges.
Verify that Secure Boot is disabled by executing the command mokutil --sb. The expected output should read SecureBoot disabled. If this message does not appear, reboot and check the BIOS settings again.
To manually remove Microsoft's SBAT Policy, open a terminal and enter the command sudo mokutil --set-sbat-policy delete. After executing this command, reboot the machine and log back in with the same user to update the SBAT policy.
Finally, reboot the machine once more, return to the BIOS, and re-enable Secure Boot.

This incident is not isolated; the past year and a half has seen multiple vulnerabilities that could compromise Secure Boot, allowing for potential injection of malicious code during the boot process. Despite the lack of a formal response from Microsoft, the company previously indicated in its bulletin for CVE-20220-2601 that the update should not affect dual-boot systems. However, user experiences shared on platforms such as Framework, Reddit, and the Linux Mint forums suggest otherwise.

Windows 10 does not boot after update?

If Windows 10 does not boot after an update, it could be due to a variety of reasons such as corrupted files, issues with the update itself, or hardware problems. Common symptoms include the computer being stuck in a boot loop, showing a blue screen, or not powering on at all.

How to fix windows 10 won't boot after update?

To fix Windows 10 if it won't boot after an update, try the following steps: 1. Use Windows Startup Repair. 2. Boot into Safe Mode and uninstall the problematic update. 3. Perform a System Restore to revert to a previous state. 4. Use Command Prompt to repair boot files using bootrec commands. 5. Disconnect external devices that might be causing issues. 6. Reset or reinstall Windows as a last resort. If unsure, consult a professional technician.

Update: 21 Aug 2024