I haven’t booted into the Windows partition on my Chuwi laptop for a while, but hearing that a recent Windows update leaves dual boot users unable to boot Linux at all, I’m glad I haven’t!
Microsoft’s mid-August drop of security updates to Windows 10 and Windows 11 includes a security patch to address a vulnerability that allows Secure Boot to be bypassed via GRUB2.
The Secure Boot Advanced Targeting (SBAT) update nixes the vulnerability by preventing ‘old, vulnerable boot managers’ from being able to boot.
Prior to release, Microsoft said this update would not be applied to systems where an active dual-boot was detected, thus ensuring existing multi-OS systems continued to work as expected.
But, as BleepingComputer reported (and as The Verge, amongst others, later picked up), this detection failed. Windows Update applied the SBAT update on scores of systems where, according to Microsoft, it should not have been applied.
The impact was immediate.
Trying to boot Ubuntu, Zorin OS, Linux Mint, and other Linux distributions on a system with the SBAT update installed presents users with the following security error, rather than the boot-splash of their preferred distro:
Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation
Linux forums, support venues, and social media are filled with (understandably) irate users seeking a solution, as well as the usual outrage from ‘FOSS influencer’ types.
Obviously, the fact a Windows update is preventing users from booting Linux is not a good look for Microsoft. But context: the update wasn’t out to nuke Linux, but patch a known vulnerability that allowed Secure Boot to be bypassed in GRUB2.
So I’ll reach for Hanlon’s Razor — “never attribute to malice that which is adequately explained by stupidity” — rather than self-aggrandising conspiracies: this is a slip-up, not some smoking gun in a decades-long conspiracy to ‘extinguish’ Linux.
Microsoft acknowledged its screw-up promptly, and says it’s “investigating the issue with our Linux partners and will provide an update when more information is available.”
It’s also shared a workaround/fix which users can follow to undo the update.
For now, if you use Windows and Linux, you MUST not install the updates in question, not until Microsoft finalise a proper fix or sort out their ‘dual-boot detection’ method to prevent it from being applied.
If you’ve already installed the update and can’t boot Ubuntu, don’t panic: follow the steps Microsoft share on the support page I linked above and you should be golden.
“This is why you shouldn’t dual boot!”
The idea of dual booting Windows with Linux isn’t to everyone’s tastes, so this snafu will, I’ve no doubt, raise smirks and ‘told ya so’s in some quarters.
However, dual booting Windows with Linux remains ever-popular, providing a comfort blanket to Linux converts, and a pragmatic necessity to others.
People often need to run non-Linux software (or games), and it’s not uncommon for employers or education institutions to be sniffy over use of ‘non-authorised’ operating systems, or mandate the use of proprietary login methods, etc.
Alas, as easy as it sounds to rebel, not everyone has the privilege, the power, or the personal skills to make their computing preferences the priority of others.
Also, choice.
In my case, I want to access Windows from time-to-time to test Linux-related efforts like WSL or open-source ports to the platform (e.g., KDE Connect), etc. And as my awfully low-spec Chuwi laptop arrived with Windows, I presumably ‘paid’ for it, so I’m gonna keep it around.
Still, this is a reminder that using Windows alongside Linux comes with no guarantees.
Have you been affected by this Windows update? Let me know in the comments.
Deeply appreciate the tip, ActionParsnip – sorry it took me a week to open the message