August 2024 Windows updates cause dual boot issues on Linux systems, citing the CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability

The August 2024 Windows updates have been causing issues for users who dual boot Windows and Linux. According to user reports, the updates are breaking dual boot functionality on Linux systems with Secure Boot enabled. This issue is due to Microsoft’s decision to apply a Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability.

Details of the August 2024 Windows updates issue

Microsoft has stated that the SBAT update should not affect dual-boot systems. However, many Linux users have reported that their systems no longer boot after installing the August 2024 Windows updates. Affected users see “Verifying shim SBAT data failed: Security Policy Violation” errors, and some devices shut down immediately.

Impact on Linux distributions

The issue affects various Linux distributions, including Ubuntu, Linux Mint, Zorin OS, and Puppy Linux. There is currently no definitive list of affected distributions and versions. Users who have tried to work around the issue by deleting the SBAT policy or restoring Secure Boot to factory settings have reported that these methods do not work.

Solution

The only apparent way to revive the device is to disable Secure Boot, install the latest version of the Linux distribution, and then re-enable Secure Boot. This workaround is not officially acknowledged by Microsoft, and users are awaiting a formal solution.

Microsoft’s response

Microsoft has not yet acknowledged that the August 2024 Windows updates cause dual-boot systems to fail. The company’s advisory states that the SBAT update should not affect dual-boot systems, contradicting user reports.

The August 2024 Windows updates have introduced a significant issue for users who dual boot Windows and Linux. While Microsoft has not officially acknowledged the problem, users have found a workaround by disabling Secure Boot, updating their Linux distribution, and then re-enabling Secure Boot. Users are advised to exercise caution when installing Windows updates on dual-boot systems until a formal solution is provided.