[Bug 2077083] [NEW] Secure Boot broken after SBAT blacklist update on Windows 2024-08 patchday
Launchpad Bug Tracker
2077083 at bugs.launchpad.net
Sun Aug 18 11:06:34 UTC 2024
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
On August 13th Microsoft Windows regular updates seem to have broken
access to systems with dual boot. A message is shown at boot "Verifying
shim SBAT data failed: Security Policy Violation Something has gone
serously wrong: SBAT self-check failed: Security Policy Violation". Grub
menu is not displayed an the system shuts off in a few seconds.
Accessing BIOS/UEFI settings and disabling secure boot mitigates the
problem as a first rescue action.
Seems related to bug #2076929.
Microsoft informed of such SBAT revocations:
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware
Interface (EFI)] This update applies SBAT to systems that run Windows.
This stops vulnerable Linux EFI (Shim bootloaders) from running. This
SBAT update will not apply to systems that dual-boot Windows and Linux.
After the SBAT update is applied, older Linux ISO images might not boot.
If this occurs, work with your Linux vendor to get an updated ISO image.
...dual-boot systems shouldn't have been affected and Linux vendors
might be contacted.
https://askubuntu.com/questions/1523353/windows-aug-13-update-broke-my-ubuntu-system
https://support.microsoft.com/en-us/topic/august-13-2024-kb5041773-os-build-14393-7259-51d25311-99ad-43d3-8373-92b40022b9e1
Not all computers seem to be affected, in fact just one of my own
portables was. On request I may provide further details of this
computer.
"Ubuntu 22.04.4 LTS" Linux ebano 6.8.0-40-generic #40~22.04.3-Ubuntu SMP PREEMPT_DYNAMIC Tue Jul 30 17:30:19 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
grub-efi-amd64-signed 1.187.6+2.06-2ubuntu14.4
shim 15.7-0ubuntu1
shim-signed 1.51.3+15.7-0ubuntu1
David
** Affects: shim-signed (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: shim-signed (Debian)
Importance: Unknown
Status: Unknown
** Tags: dual-boot grub sbat secure-boot shim
--
Secure Boot broken after SBAT blacklist update on Windows 2024-08 patchday
https://bugs.launchpad.net/bugs/2077083
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
More information about the foundations-bugs
mailing list