“Something has gone seriously wrong,” dual-boot systems warn ..

Topic

New Reply

“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update

CVE-2022-2601

Last Tuesday, loads of Linux users—many running packages released as early as this year—started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: “Something has gone seriously wrong.”

The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don’t load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday…

* Workaround : Users should delete the SBAT file that Microsoft included with this patch.

SBAT Revocations: Boot Process

3 users thanked author for this post.

jburk07, Steve S., Cybertooth

Reply | Quote

Replies

From ElevenForum – Aug. 13th Windows Update broke dual-boot Windows 10/11 and Linux PCs

1 user thanked author for this post.

Alex5723

Reply | Quote

Also:

https://borncity.com/win/2024/08/21/windows-august-2024-update-paralyzes-linux-boot/

Why does Microsoft have such control over the hardware/firmware of my computer? Sure does make me extremely hesitant to do any more Windows Updates from here on…

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

1 user thanked author for this post.

Cybertooth

Reply | Quote

August 2024 security update might impact Linux boot in dual-boot setup devices

After installing the August 2024 Windows security update, released August 13, 2024 (KB5041585), you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”

Workaround: If you haven’t finalized the installation of the August 2024 update with a reboot yet, you can use the below opt-out registry key, so your device doesn’t install this update. You will be able to delete the registry key if you want to install future SBAT updates later on. ..

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD

1 user thanked author for this post.

Steve S.

Reply | Quote

https://www.neowin.net/news/microsoft-shares-more-info-on-fixing-broken-dual-boot-after-august-patch-tuesday-updates/

..Microsoft provided more information about fixing the issue on affected systems. If your Windows-Linux machine cannot boot into Linux, try the following to bring it back to life:..

1 user thanked author for this post.

den4

Reply | Quote

I now run only Windows 10 on this PC, but it is actually a dual-boot system via TeraByte Unlimited’s BootIt UEFI (BIU), which I use for backups/restores and other partition work. After a recent attempted reboot, my PC got the deadly “Verifying shim SBAT data failed…” message briefly; then the system powered off. The same thing happened on any subsequent poweron.

Apparently the newer version of BIU (v2.01) makes windows happier. I have now installed that upgrade on two PCs that had the “shim SBAT” problem. So far all now works again.

I don’t know if BIU itself is based on Linux. At any rate BIU seems to experience the same “shim SBAT” problem that many Linux users have now reported. Apparently it was the installation of Windows update KB5041580 that caused all this. I had installed KB5041580 on 8/14/24 and had no problems with it until I rebooted today.

Reply | Quote

I dual-boot Linux Mint 21.1 and Windows 10 on 2 computers, a laptop that boots legacy (no Secure Boot possible) and a desktop booting UEFI but with Secure Boot disabled. If I understand the articles I’ve been reading about this problem, it seems that I can go ahead and install the August Windows update without encountering this problem, is that correct?

Or would it be better to add Microsoft’s registry key before installing the August CU, to block the SBAT update until there is a fix available from either Windows or Mint?

On the UEFI machine, I might want to enable Secure Boot in the future but haven’t done so yet since it seems there are sometimes problems (like this one) with Linux and Secure Boot.

If I need to post this question in the Linux forum instead, please let me know.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

Reply | Quote