Many users have recently reported issues with their dual-boot Linux/Windows setups following the August 13 Windows 11 update. The core of the issue lies in changes to UEFI Secure Boot Advanced Targeting (SBAT) policies that Microsoft has enforced, targeting old, exploitable certificates.
Changes in SBAT Policies
With the latest update, Microsoft has taken steps to enforce SBAT and revoke older, vulnerable certificates. Self-signed UEFI shims, commonly used by various Linux distributions, are no longer acceptable due to potential exploits. As a result, systems running outdated versions of GRUB with known vulnerabilities encounter error messages such as “verifying shim sbat data failed: security policy violation” or “something has gone seriously wrong: sbat self-check failed: security policy violation.”
Resolving the Issue
To address the problem, affected Linux users need to update GRUB or disable the SBAT policy on the Linux side. These measures are essential to align with the new security standards. It’s crucial to understand that this update is not primarily a Microsoft problem but a necessary security measure.
Practical Solutions for Dual-Boot Users
Software developers and gaming enthusiasts reliant on dual-boot setups are particularly impacted. It’s always advisable to back up data before performing system updates. Additionally, considering alternatives like using virtual machines can offer a more stable environment for those relying on older Linux distributions.
Conclusion
For more information on SBAT revocations and the boot process, users can refer to the Ubuntu Discourse. As always, staying informed and cautious with updates can help maintain system integrity and security.
