I’ve not booted into the Windows partition on my Chuwi laptop for a few months, but having heard that a recent Windows update leaves dual-boot users unable to boot Linux at all, I’m rather relieved I haven’t!
As BleepingComputer reported, Microsoft’s latest monthly drop of security updates for Windows 10 and Windows 11 included a patch to plug an exploit targeting GRUB2 Secure Boot bypassing.
The update for Secure Boot Advanced Targeting (SBAT) blocks ‘old, vulnerable boot managers’ from booting — older versions of GRUB, in particular.
Prior to release, Microsoft said the update would not be applied on systems where an active dual-boot was detected. Skipping the update would ensure existing Linux/Window setups would continue to function as normal.
But that detection failed in some cases and, to quote Microsoft, the Windows updater “applied the SBAT value when it should not have been applied”.
And the impact was immediate.
Affected users who dual-boot Windows with Linux distribution(s), including Ubuntu, Linux Mint, Zorin OS, were presented with an error when attempting to boot anything other than Windows: –
Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SAT self check failed: Security Policy Violation
Forums, support venues, and social media filled up with (understandably) irate users seeking a solution, as well as predictable mock-outrage from ‘FOSS influencers’ using the flub as fuel to feed the algorithms with.
Microsoft has acknowledged the error and shared an interim workaround to fix it (which isn’t one-click simple, but isn’t difficult to follow). It says it’s “investigating the issue with our Linux partners and will provide an update when more information is available.”
For now, if you you use Windows and Linux, you may want to avoid installing the update above until Microsoft finalises a fix — and if you already installed it, follow the fix Microsoft has posted to regain access to your Linux install.
Dual-Boots Remain Popular
Admittedly I’m a few days late to this news—deeply appreciate the tip ActionParsnip, sorry it took me 5 days to open the message—and, all being well, a proper fix that doesn’t require proding the Windows Registry will be issued soon.
But the mere idea of dual-booting Windows with Linux is ideologically impure to some. This snafu will no-doubt raise a smirk and a few ‘told ya’-sos in some quarters.
Yet dual-boots remain popular.
They are a comfort blanket for new Linux converts, and a pragmatic necessity for others. People need to run non-Linux software or games, their work or education infrastructure systems may require an ‘authorised’ platform, etc
Not everyone is able to dictate their computing preferences to others.
In my case, I like to access Windows from time-to-time to test Windows-related Linux efforts, like WSL, open-source ports (e.g., KDE Connect), etc. And since my awfully low-spec Chuwi laptop came with Windows I presumably ‘paid’ for it, so I ain’t erasing it!
Still, this is a good reminder that using Windows alongside Linux comes with no guarantees. Itt’s good to pay attention to what you’re installing in Windows, before you install it — assuming Windows doesn’t just go ahead and install for you anyway…