Microsoft has supplied a workaround to quickly repair a recognized concern that’s blocking Linux from booting on dual-boot techniques with Safe Boot enabled.
The corporate says this short-term repair might help Linux customers revive unbootable techniques displaying “One thing has gone severely improper: SBAT self-check failed: Safety Coverage Violation” errors after putting in the August 2024 Home windows safety updates.
Many Linux customers confirmed they have been affected by this recognized concern following this month’s Patch Tuesday, as BleepingComputer reported on Tuesday.
These affected stated that their techniques (operating a variety of distros, together with however not restricted to Ubuntu, Linux Mint, Zorin OS, and Pet Linux) stopped booting into Linux after putting in this month’s Home windows cumulative updates.
The problem is triggered by a Safe Boot Superior Concentrating on (SBAT) replace designed to dam UEFI shim bootloaders weak to exploits focusing on the CVE-2022-2601 GRUB2 Safe Boot bypass. When it launched the replace, Microsoft stated the replace wouldn’t be delivered to units the place twin booting is detected.
Nonetheless, after acknowledging the difficulty this week, it additionally confirmed that “the dual-boot detection didn’t detect some custom-made strategies of dual-booting and utilized the SBAT worth when it mustn’t have been utilized.”
For individuals who have already put in the August 2024 Home windows updates and might now not boot Linux on their dual-boot units, Microsoft recommends deleting the SBAT replace and guaranteeing that future SBAT updates will now not be put in.
To do this, you’ll have to undergo the next process:
- Disable Safe Boot after booting into your system’s firmware settings (this requires completely different steps for each producer).
- Delete the SBAT replace by booting Linux and operating the
sudo mokutil --set-sbat-policy deletecommand and rebooting. - Confirm SBAT revocations by operating the
mokutil --list-sbat-revocationscommand and guaranteeing it is empty. - Re-enable Safe Boot out of your system’s firmware settings.
- Examine the Safe Boot standing by booting into Linux, operating the
mokutil --sb-statecommand, and guaranteeing the output is “SecureBoot enabled.” If not, retry the 4th step. - Forestall Future SBAT Updates in Home windows by operating the next command from a Command Immediate window as Administrator:
reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecureBootSBAT /v OptOut /d 1 /t REG_DWORD
“At this level, you must now have the ability to boot into Linux or Home windows as earlier than. It is a good time to put in any pending Linux updates to make sure your system is safe,” Microsoft stated.
The corporate remains to be investigating the difficulty with the assistance of Linux companions and can present extra updates when new data is out there.