[Bug 2077083] Re: Secure Boot broken after SBAT blacklist update on Windows 2024-08 patchday

Bug Watch Updater 2077083 at bugs.launchpad.net
Mon Aug 19 05:00:28 UTC 2024 

** Changed in: shim-signed (Debian)
       Status: Unknown => New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2077083

Title:
  Secure Boot broken after SBAT blacklist update on Windows 2024-08
  patchday

Status in shim-signed package in Ubuntu:
  Confirmed
Status in shim-signed package in Debian:
  New

Bug description:
  On August 13th Microsoft Windows regular updates seem to have broken
  access to systems with dual boot. A message is shown at boot
  "Verifying shim SBAT data failed: Security Policy Violation Something
  has gone serously wrong: SBAT self-check failed: Security Policy
  Violation". Grub menu is not displayed an the system shuts off in a
  few seconds. Accessing BIOS/UEFI settings and disabling secure boot
  mitigates the problem as a first rescue action.

  Seems related to bug #2076929.

  Microsoft informed of such SBAT revocations:

  [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware
  Interface (EFI)] This update applies SBAT to systems that run Windows.
  This stops vulnerable Linux EFI (Shim bootloaders) from running. This
  SBAT update will not apply to systems that dual-boot Windows and
  Linux. After the SBAT update is applied, older Linux ISO images might
  not boot. If this occurs, work with your Linux vendor to get an
  updated ISO image.

  ...dual-boot systems shouldn't have been affected and Linux vendors
  might be contacted.

  https://askubuntu.com/questions/1523353/windows-aug-13-update-broke-my-ubuntu-system
  https://support.microsoft.com/en-us/topic/august-13-2024-kb5041773-os-build-14393-7259-51d25311-99ad-43d3-8373-92b40022b9e1

  Not all computers seem to be affected, in fact just one of my own
  portables was. On request I may provide further details of this
  computer.

  "Ubuntu 22.04.4 LTS" Linux ebano 6.8.0-40-generic #40~22.04.3-Ubuntu SMP PREEMPT_DYNAMIC Tue Jul 30 17:30:19 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
  grub-efi-amd64-signed 1.187.6+2.06-2ubuntu14.4
  shim           15.7-0ubuntu1
  shim-signed    1.51.3+15.7-0ubuntu1

  David

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/2077083/+subscriptions

More information about the foundations-bugs mailing list