With the recent Windows updates rolled out on August 13, a notable disruption has emerged for users of various Linux distributions. Specifically, certain Linux installation media are now unable to boot due to the blocking of outdated boot loaders. This issue has particularly affected the current Ubuntu 24.04 LTS and its derivatives, such as Desinfec’t.
Security Measures and Their Implications
The root of the problem lies in the security measures implemented by Microsoft. Previous updates had already introduced blacklist entries in the Secure Boot DBX database, which prevented the booting of Linux systems with boot loaders deemed insecure. The latest updates, identified as KB5041571 and KB5041580, have introduced the Secure Boot Advanced Targeting (SBAT) feature, developed by the open-source community. This enhancement aims to address memory limitations in the firmware of certain motherboards, which struggle to accommodate a DBX database containing a signature for every vulnerable boot loader.
Under the new SBAT framework, the Linux boot loaders Shim and Grub are designed to recognize when they have been revoked by the SBAT policy and then refuse to run. While this update keeps the SBAT blacklist small, it does not eliminate the ongoing dependency on Microsoft for the certification and signing of the Linux boot loader Shim for Secure Boot. Consequently, only boot loaders from trusted sources, predominantly Microsoft, can be executed under Secure Boot. However, the introduction of SBAT allows faulty boot loaders to be disabled without necessitating new entries in the DBX blacklist.
Scope and Impact
As for the scope of the impact, it remains somewhat unclear which systems and distributions are experiencing these boot issues. Microsoft has indicated that the update “does not apply to systems that dual boot Windows and Linux.” Nonetheless, reports are surfacing that suggest Linux boot sticks may also be affected on systems with parallel installations. In contrast, tests conducted on some systems reveal that Ubuntu 24.04 LTS continues to boot without incident. Importantly, Linux installations already residing on hard drives or SSDs will continue to function normally, provided the latest updates have been applied.
Waiting for New Images
To rectify the situation regarding outdated boot loaders, affected distributors will need to update their installation media, a process that may take several days. Alternatively, users have the option to disable Secure Boot on their devices; however, it is crucial to first document or print the BitLocker recovery key. This precaution is necessary because encrypted Windows installations may react adversely to changes in the Secure Boot state and prompt for the recovery key at the next startup.