Free Republic

Oh, no! Windows Security Update Breaks Dual-Boot Linux Systems
It's FOSS ^ | 22 August 2024 | Sourav Rudra

Posted on 08/27/2024 4:58:51 AM PDT by ShadowAce

Microsoft is known for their signature, “my way or the highway” approach when it comes to their offerings, with the Windows operating system being the most prominent one among those.

Many in the FOSS community disagree with that approach, with a strong rejection of such practices, suggesting people go for more open options for their operating systems and applications, and I agree with them.

Unfortunately, that same approach has now affected many Linux distribution users, who were sent scampering searching for a fix to a problem caused by a Windows update (who would've expected that?).

Microsoft Slips Up: Linux Users Beware!

[Screenshot: the "Verifying shim SBAT data failed" error on a dual-boot system with Windows and Linux. Source: paku1234]

First spotted by Ars Technica, a monthly Windows update pushed on August 13 that included a fix to a two-year-old vulnerability, CVE-2022-2601, with an 8.6 CVSS severity rating, caused dual-boot systems with Windows and Linux distros to not boot.

That fix was meant to tackle an issue with the GRUB bootloader, which allowed malicious actors to carry out out-of-bounds writes and possibly bypass Secure Boot.

But, it caused some collateral damage in the process. After updating, many users, including users of Ventoy, and Ubuntu 24.04, reported that they were shown the following error:

Verifying shim SBAT data failed: Security Policy Violation

Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation

This update installed an SBAT, which is an acronym for Secure Boot Advanced Targeting, a Linux-focused method for revoking various components in the boot path using generation numbers embedded into the EFI binaries. (apologies for the jargon)

However, this mechanism was meant to be applied only to devices running Windows alone, and, according to Microsoft, it should not have caused any issues on dual-boot systems, at least on newer Linux distributions.

But, as we know already, it did. 😑

Following these revelations, Microsoft said in a statement that they were aware that “some secondary boot scenarios are causing issues for some customers”, and that they were working with their Linux partners to investigate and address the issue.

Thankfully, the community has come to the rescue, with manutheeng, a member of the Linux Mint forums, finding a solution for Ubuntu in an old post on the Ubuntu forums.

The Solution

 sudo mokutil --set-sbat-policy delete 

The above steps should also work with any Ubuntu-based Linux distribution. If that doesn't work, then you might be facing what a Framework laptop user faced.

Closing Thoughts

If dual-boot systems were more common, then this issue would've been treated with more haste, like the CrowdStrike incident that took place last month, but that was not Microsoft's fault.

So, it's better than nothing. 🙂

Ultimately, there's still the matter of Secure Boot being an absolute mess, that has left many people questioning whether this could've been implemented in a better way.

I think that it could've; the PC industry rushed its implementation before it was ready.


TOPICS: Computers/Internet
KEYWORDS: linux; windows
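
The generation-number comparison behind the "SBAT self-check failed" error described in the article, as an added example that is not part of the original article or this thread. The revocation list and `.sbat` entries are constructed sample values, and the helper name `sbat_check` is hypothetical.

```shell
#!/bin/sh
# Added example: the SBAT generation comparison, reduced to its core rule.
# On a real system the two inputs would come from (not run here):
#   mokutil --list-sbat-revocations
#   objcopy --only-section=.sbat -O binary <efi-binary> /dev/stdout
# All sample values below are constructed for illustration.

# sbat_check REVOCATIONS SBAT_SECTION  (hypothetical helper name)
# A binary is refused when any component it declares has a generation
# lower than the minimum the firmware-stored revocation list requires.
# Prints one line per failing component; exit status 1 if any fail.
sbat_check() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -F, '
        /^---$/    { in_binary = 1; next }   # separator between the inputs
        NF < 2     { next }                  # skip blank or padding lines
        !in_binary { min[$1] = $2 + 0; next } # required minimum generation
        ($1 in min) && ($2 + 0 < min[$1]) {
            printf "REVOKED %s: generation %d < required %d\n", $1, $2, min[$1]
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed revocation list: component name, minimum generation.
REVOCATIONS='sbat,1,2024010900
shim,4
grub,3'

# Constructed .sbat sections for an older and a newer GRUB build.
OLD_GRUB='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,2,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/
grub.example,1,Example Distro,grub2,2.06-1,https://distro.example/'

NEW_GRUB='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,4,Free Software Foundation,grub,2.12,https://www.gnu.org/software/grub/
grub.example,1,Example Distro,grub2,2.12-1,https://distro.example/'

sbat_check "$REVOCATIONS" "$OLD_GRUB" || echo "old build would be refused"
sbat_check "$REVOCATIONS" "$NEW_GRUB" && echo "new build passes"
```

Components that the revocation list does not name (here `grub.example`) are not compared, which is why a vendor-specific entry passes while the upstream `grub` entry fails.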
To: ShadowAce

DUAL boot? Windows loads just fine as a VM under Linux /s


21 posted on 08/27/2024 7:25:53 AM PDT by i_robot73 (One could not count the number of *solutions*, if only govt followed\enforced the Constitution.)

To: ShadowAce

Part of the problem is the stupidity of anyone running any M$ system allowing auto-updates. Turn that off.

Want to imbibe MS updates? Let them stew for a couple of weeks to see if the stupid people out there have been crippled. If all goes well, allow the updates that are more than 2 weeks old.


22 posted on 08/27/2024 8:51:20 AM PDT by bobbo666

To: wally_bert

The only Windows I have is an XP machine on Virtual Box. Works great.


23 posted on 08/27/2024 10:01:39 AM PDT by Bloody Sam Roberts (Perfection is impossible. But if you pursue perfection...you may achieve excellence.)

To: Bloody Sam Roberts

I barely play the old XP and W7 games enough to even put in a virtual box.

Besides they need the CD to run.

Never really checked for a workaround.


24 posted on 08/27/2024 10:05:38 AM PDT by wally_bert (I cannot be sure for certain, but in my personal opinion I am certain that I am not sure..)

To: wally_bert

You can connect the hardware CD drive to the virtual box


25 posted on 08/27/2024 11:00:40 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )

To: wally_bert

The BOWEP (Best of Windows Entertainment Pack) runs ok on XP...which is now, the only reason I have that VM.


26 posted on 08/27/2024 2:30:47 PM PDT by Bloody Sam Roberts (Perfection is impossible. But if you pursue perfection...you may achieve excellence.)

To: ShadowAce

What if Linux is on a separate drive from Windows, and you use an F key (F11 on my MSI mobo) to choose which drive to boot from? That is how I usually did it.


27 posted on 08/27/2024 7:42:53 PM PDT by daniel1212 (Turn 2 the Lord Jesus who saves damned+destitute sinners on His acct, believe, b baptized+follow HIM)

To: Bloody Sam Roberts

Microsoft is bringing back Recall.
Windows 11 will have Recall where everything you do is recorded. They say this information will be stored locally.
I doubt it.
They will use the information for their AI program and to sell you.


28 posted on 08/28/2024 1:20:05 AM PDT by minnesota_bound (Need more money to buy everything now)

To: ShadowAce

Is this true with all versions of Windows or just Windows 11?


29 posted on 08/28/2024 1:25:56 AM PDT by McGruff (Are you better off than you were four years ago?)

To: McGruff
Is this true with all versions of Windows or just Windows 11?

It's hard to say, as it's never mentioned. However, I'd err on the side of caution and say that this is true for all Windows updates since the article never limited that statement.

30 posted on 08/28/2024 4:39:20 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )

To: daniel1212
What if Linux is on a separate drive from Windows, and you use an F key (F11 on my MSI mobo) to choose which drive to boot from?

I'm not sure. It's worth some testing though. My understanding is that the Windows update messed around with the firmware, so it's possible that it affected scenarios like that one as well.

31 posted on 08/28/2024 4:40:40 AM PDT by ShadowAce (Linux - The Ultimate Windows Service Pack )