Click here: to donate by Credit Card
Or here: to donate by PayPal
Or by mail to: Free Republic, LLC - PO Box 9771 - Fresno, CA 93794
Thank you very much and God bless you.
Posted on 05/18/2025 8:31:57 PM PDT by ransomnote
Long story short – the problem began after Microsoft’s August 2024 Patch updates, which included a mitigation for a known GRUB2 vulnerability (CVE-2022-2601). The flaw allowed malicious actors to bypass UEFI Secure Boot protections using a compromised GRUB2 bootloader.
To address this, Microsoft deployed a Secure Boot Advanced Targeting (SBAT) update (KB5041571) to block vulnerable bootloaders. Unfortunately, this had unintended consequences.
While it was supposed to detect and exempt dual-boot configurations from being affected, this detection failed in several scenarios. As a result, many dual-boot users with Windows and Linux on the same machine suddenly found themselves unable to get into their Linux system. Affected systems displayed error messages like:
Verifying shim SBAT data failed: Security Policy Violation SBAT self-check failed: Security Policy ViolationCode language: PHP (php)In other words, the bootloader was being rejected due to the SBAT policy, even though the system was expected to support both operating systems.
Fortunately, nine months later, after many user reports, frustration, and workarounds circulating across forums and GitHub issues, Microsoft finally acknowledged the problem and rolled out a fix during the just-released May 2025 Patch Tuesday updates (KB5058385).
(Excerpt) Read more at linuxiac.com ...
Click here: to donate by Credit Card
Or here: to donate by PayPal
Or by mail to: Free Republic, LLC - PO Box 9771 - Fresno, CA 93794
Thank you very much and God bless you.
Microsoft is a virus.
Best fixed by installing Linux. Problem solved.
I have been running Linux Ubuntu in Hyper-V, which is part of Windows Pro and above.
That way you don’t have to dual boot and can run Windows and Linux at the same time.
Three version of the Ubuntu Virtual Machine are included with Hyper-V, V18LTS, V20LTS and V22LTS.
Hyper-V is a Type 1 VM, meaning the guest operating systems run directly on the hardware and are as fast as if you were running dual boot. Type 2 VMs are software emulators, and are much slower.
Doing it this way bypasses the GRUB vulnerability.
We ran Ubuntu under WSL which is close to the same thing.
Is this the same company that wants to make tens of millions of perfectly good computers junk?
I found out (the hard way) that some newer Linux distros also break dual boot by doing something that prevents the user from booting into Windows, whatever the flavor is. What I did to get around this was to 1). Program Windows first, remove the hardware, program Linux unto another drive, reinserting Windows ensuring it was the primary boot to O/S, then use BCDedit to dual boot the disks, or 2). Install Windows, install an older version of Linux (20.X), use BEDedit to fix the dual boot capabilities, then upgrade Linux to the current version. A lot of work, yes, but it works.
In the General/Chat forum, on a thread titled Microsoft Fixes Windows Update That Broke GRUB in Dual-Boot Systems, ducttape45 wrote: I found out (the hard way) that some newer Linux distros also break dual boot by doing something that prevents the user from booting into Windows, whatever the flavor is. What I did to get around this was to 1). Program Windows first, remove the hardware, program Linux unto another drive, reinserting Windows ensuring it was the primary boot to O/S, then use BCDedit to dual boot the disks, or 2). Install Windows, install an older version of Linux (20.X), use BEDedit to fix the dual boot capabilities, then upgrade Linux to the current version. A lot of work, yes, but it works.
I installed Linux 'along side' a fresh install of Windows and couldn't even see windows from that point forward.
I believe it had to do with the format of the flash drive(s) used to install each. Windows install flash was probably, by default MBR. The Linux flash was GBT, I think. So after installing Linux alongside I was surprised I couldn't see windows. When creating install flash for windows, the format is silently negotiated. I tried swapping BIOS from Legacy and then I could see Windows boot, but not Linux. Or it's all just a strange coincidence! I'm guessing this is the problem because, sadly, I had done a version of that before!
I may try your fix, or just set it aside someplace safe so later, you can save me hours of troubleshooting. :D
I installed Linux Mint bare metal on a refurbished ACER Chromebook that I snagged for $70. Even though I have several bigger machines, this has become my constant companion.
It is fortuitous that I looked at Free Republic just now as I have Rufus is completing a bootable USB drive with Ubuntu Studio 24.04.2 LTS that I am planning on installing alongside Windows 11 Pro tonight. I added a second drive to the computer and will be installing Ubuntu on that drive, because sometimes this helps alleviate some of the issues.
This is on a new AMD Ryzen 5 3500u mini-PC that I paid $119 for but have now added a few upgrades. It is more capable than I expected... it was going to be used as a server hooked to a RAID enclosure that would use less electricity than the larger computer that I currently am using. It uses very little power at idle. But it is capable enough that my plans have changed a bit for it.
I have had issues in the past with Windows or Linux breaking the dual boot in the past... so I am going to research this a little further before installing Ubuntu this evening... I may go the virtual machine route instead... except that the Ryzen’s capable integrated Vegas 8 GPU typically does not get used efficiently if at all in Hyper V virtual machines.
In the past I've constructed and used dual-boot systems, on both PCs and Macs. I've used Xen (another Type 1 hypervisor) to run various VMs. I've run VMs on various hosts in Type 2 hypervisors (usually VMware).
I would not choose to dual-boot again unless there was no other option. After you get used to the productivity of having two or three operating systems running at once, the annoyance of having to reboot to get to a different OS is just silly. The only justification would be if your application absolutely required every bit of CPU and RAM in the hardware.
 |  |
|---|
Hyper-V is pretty good, but it does have some functional limitations that are annoying. One I found was the inability to display the guest VM's desktop full-screen extended across 2 of my 3 monitors (one is the laptop, the other two are externals). It will do one, or all, but not "some". I suspect it's actually a limitation in the Hyper-V RDP interface to the VM.
Good luck tonight with your work. Sounds like fun! :-)
The Ubuntu installation did not mess up my Windows installation, but it in order to get into Ubuntu I have to do an advanced restart in Windows 11 and select it as the boot device from there... I am sure that I will be able to get it to work normally in the morning.
And I do find this type of troubleshooting exercise entertaining because I am a weirdo, I think.
This computer is going to spend most of its life as a small server. Since it is a relatively low power device, Ubuntu will likely run more efficiently natively rather than in a virtual machine. I have been exploring its capabilities. It actually runs MSFS 2020 surprisingly well with the proper settings and lower graphics resolution and detail. This actually is fairly impressive.
You're conversing with a kindred soul. Truly. Been that way since I was a teenager; I'm 73, and it hasn't changed. :-)
ransomnote putting out Linux articles... Thank you! MS is full of it, they did it on purpose. In fact they have done this in the past. They made deals with Laptop manufacturers to not allow an alternative OS to boot on their computers at all. And they have made it too complicated for the average user to set up the bios to boot an alternative from USB.
Yep - when I was teaching secure networking for the Acronym Intel Agencies, we used Windows Servers internally - with UNIX servers for going out of house.....I told them that the issues with Windows systems were actually “Undocumented Features”....
For those who might be interested in my latest mini-computer project, I am including the following details. Other than the upgrade to Windows 10 Pro almost everything else was purchased on Amazon.
In reality, the last thing I needed was another computer to further clutter up the house, but this one was too cheap and has featured that I found intriguing. I got it as part of a combo-deal where it was $119. It came with Windows 10 but the hardware meets Windows 11’s hardware requirements, so you immediately start getting the upgrade nags. I upgraded to Windows 10 pro before letting it upgrade to 11.
https://www.amazon.com/dp/B0DTKBHJT8
This is the organization that I use to purchase licenses on the cheap... I don't know how their game works, but none of the licenses that I have purchased through them have gone bad.
https://www.gamers-outlet.net/en/buy-windows-11-pro-cd-key-oem-microsoft-global-1
I purchased a cute little 14” touch screen monitor with a really nice little stand to go with it that with the coupon brought them down to $95. A single included USBC cable powers the monitor and provides the signal for video. For fun I have the monitor and computer powered with a 10ah LiFePO4 battery that I tried to use in a small UPS to replace the SLA battery that had reached the end of its useful life.
https://www.amazon.com/dp/B0DPGYRL4C
To get the voltage to the correct value. I have clipped a $2 cigarette lighter adapter to the battery in which I have inserted an $8.99 USBC fast charger.
https://www.amazon.com/dp/B0D3X6YWCQ
I am using a cable converter set the voltage to 20v and go from USBC to the 5.5mm to 2.5mm connector in the back of the computer.
https://www.amazon.com/dp/B08331ZNTP
I am monitoring the resulting voltage and power consumption from that with a small USBC “multimeter” which clips into the power circuit, which I actually paid about $5 with shipping for on AliEpress but are still a good value on Amazon for $14.
https://www.amazon.com/dp/B0D9QH4C7S
The little Ryzen powered mini-computer and monitor uses between 10 and 20 watts when doing normal tasks and up to 40 to 50 watts when doing graphic intensive games such as Microsoft flight simulator 2020 with it along with the joystick and rudder pedals. I clip a small and super cheap LiFePO4 trickle charger to the terminals of the battery to keep it from discharging too much.
It is just a goofy little project. It is more powerful than the 6-year-old Ryzen 2500u powered laptop that I am using to write this post with. The mini-computer uses approximately the same amount of current as the laptop and will run for approximately 8 hours on the 10AH LiFePO4 battery.
The assembly makes a very cute little package and I do appreciate that thought that went into the features and mini-computer form factor. The cooling is very effective and quieter than a laptop and the ease of pulling it apart to make hardware upgrades is wonderful. I added memory, upgraded the NVME drive, added an ATA SSD, and upgraded the wifi/bluetooth card to WIFI 6E and Bluetooth 5.3.
https://www.amazon.com/dp/B0D2NV2RDH
This morning, I have to migrate half a dozen websites and associated email services to a new hosting plan... so this little project will be on the backburner until this evening. Luckily the weather here is crappy, or I would also have a list of “honey do” projects to finish up as well.
I hear that! Good luck with the migrations.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.