Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Operating Systems Microsoft Linux

'Something Has Gone Seriously Wrong,' Dual-Boot Systems Warn After Microsoft Update (arstechnica.com) 144

Ars Technica's Dan Goodwin writes: Last Tuesday, loads of Linux users -- many running packages released as early as this year -- started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: "Something has gone seriously wrong." The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don't load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday. [...]

With Microsoft maintaining radio silence, those affected by the glitch have been forced to find their own remedies. One option is to access their EFI panel and turn off secure boot. Depending on the security needs of the user, that option may not be acceptable. A better short-term option is to delete the SBAT Microsoft pushed out last Tuesday. This means users will still receive some of the benefits of Secure Boot even if they remain vulnerable to attacks that exploit CVE-2022-2601. The steps for this remedy are outlined here (thanks to manutheeng for the reference).

This discussion has been archived. No new comments can be posted.

'Something Has Gone Seriously Wrong,' Dual-Boot Systems Warn After Microsoft Update

Comments Filter:
  • by Anonymous Coward on Tuesday August 20, 2024 @07:52PM (#64722234)

    because it can't be Microsoft causing the issue.

    • by arglebargle_xiv ( 2212710 ) on Tuesday August 20, 2024 @09:04PM (#64722358)
      Oh it's definitely a Microsoft issue, the error message "Something has gone seriously wrong" tells you that immediately. If it was anything to do with Linux it'd actually tell you what the problem was, and possibly even how to fix it, or at least give you a diagnostic message to Google with. Since it's Microsoft, all you get is "Something went wrong". Well no shit Sherlock, you think the fact that it isn't working hasn't already told me that?
      • by Anonymous Coward on Wednesday August 21, 2024 @12:15AM (#64722600)
        Did you look at the actual error screen? No, of course you didn't.

        Verifying shim SBAT data failed: Security policy violation
        Something went seriously wrong: SBAT self-test failed: Security Policy Violation

        • by TechyImmigrant ( 175943 ) on Wednesday August 21, 2024 @12:18PM (#64724344) Homepage Journal

          Did you look at the actual error screen? No, of course you didn't.

          Verifying shim SBAT data failed: Security policy violation
          Something went seriously wrong: SBAT self-test failed: Security Policy Violation

          I know a fair bit about the mechanics of secure boot, because I used to work and Intel and I designed some of the hardware related to secure boot.
          But I'm not so tied to the upper layers that I have a clue what an SBAT file is.
          If I see this error, I want to know what an SBAT file is, what it does, what the consequences of removing are. Of course if I didn't have another computer to look this information up on, I'm S.O.L.

          This is why errors should be comprehensive and informative to the point that either you know what to do or who to call. "Something went seriously wrong" is pointless text. "Security Policy Violation" Is a little better because it gives you some context, but it doesn't point you to where the security policy is or which policy was violated, or which line of a policy file holds the policy that was violated or what the thing was that was violating the policy.

          Shitty errors are a pox on the computer industry.

          • It's not a file.

            SBAT is 2 things.
            One, it's a UEFI NVRAM var (the revocation generation list) and 2, it's a section in a PE file (.sbat).

            It's a way to revoke signed PEs generationally, rather than clogging up the DBX (image revocation hash list)
            UEFI var contains minimum generation allowed for an identifier, .sbat section contains identifier and generation. .sbat section is protected by signature.
      • by organgtool ( 966989 ) on Wednesday August 21, 2024 @12:15AM (#64722602)
        This is one of my least favorite things about Windows. In Linux, I can review logs, diagnose the issue, fix it, and possibly execute mitigation strategies to prevent similar problems in the future. With Windows, it's all sad trombones, factory resets, and starting from scratch. And since I rarely get to find out what caused the issue, I get to live with the dread that it could happen all over again at any time and without any warning.
        • by gweihir ( 88907 )

          Well, yes. But what can you expect from 2rd rated tech?

        • by lsllll ( 830002 ) on Wednesday August 21, 2024 @01:56AM (#64722736)

          In Linux, I can review logs, diagnose the issue, fix it, and possibly execute mitigation strategies to prevent similar problems in the future.

          Grub grabs its crotch and says "check THIS log out".

        • Re: (Score:3, Informative)

          by thegarbz ( 1787294 )

          You not knowing how to use Windows is not a Windows problem. Not only is TFA trolling, the actual error message gives you a full information that SBAT self-test failed due to a security policy violation, but for any Windows related issue post secure boot you will have error messages in detail logged in the windows event log, even if on the screen it says "Something went wrong". Even on an unlogged app such as the Windows 11 installer, when you get the "something went wrong" useless message you have a comple

          • by organgtool ( 966989 ) on Wednesday August 21, 2024 @09:58AM (#64723786)
            My job has required me to contact Microsoft support on a number of occasions and never once did they ask me to open the Event Viewer, no matter how confounded they were by my problem. And whenever I have tried to use it, it's very slow, has a ton of similarly-named sections, and half the time it doesn't contain any useful information. So you can have fun calling me a noob, but even MS support rarely bothers with diagnostics in Windows. Instead, they usually run through a series of trial-and-error steps, each sets of steps more destructive than the last, which often culminates with performing a factory reset and hoping the problem never rears its ugly head again.
        • Regardless of improvements as others have pointed out, your point of criticism is a sequitur of the fact that MS Windows is a product made to be sold, whereas Linux is made to be used.
        • I had a Lenovo X1 motherboard replaced and it took me hours to find instructions (mostly via IRC) on how to update efivarfs for the new motherboard so GUB would see the existing Ubuntu partition. I think most people were just doing an Ubuntu reinstall (factory reset) instead of using the clean solution of updating efivars.

        • What you just outlined is that you rather open-source as opposed to closed source.

      • by DamnOregonian ( 963763 ) on Wednesday August 21, 2024 @12:37AM (#64722628)
        lol- I love it.
        The error is printed by the UEFI shim, not anything Microsoft wrote.
      • I guess because Microsoft contributed line 1967 of rhboot/shim.c?
    • by VeryFluffyBunny ( 5037285 ) on Wednesday August 21, 2024 @03:47AM (#64722866)
      The question is, is Microsoft the Boeing of computing or is Boeing the Microsoft of software? They should merge or something.
  • What were other distros waiting for?

    • by reanjr ( 588767 ) on Tuesday August 20, 2024 @08:43PM (#64722318) Homepage

      For people to care about secure boot, probably. Historically, much of the Linux community has not been very supportive of such technologies, seeing the technology as a poison pill meant to kill hobbyist OSes.

      • by codebase7 ( 9682010 ) on Tuesday August 20, 2024 @10:09PM (#64722436)
        I care about Secure Boot. I use Secure Boot for the opposite of it's "unofficial" purpose: I.e. To keep Microsoft out of my data.

        Long Story: The only machine I use SB on is an upgraded Windows 10 machine. That machine dual boots it's original Windows 7 installation, which has full disk encryption from a third party. (I.e. You have to enter a password into the third party's bootloader on boot.) That third party bootloader, and Windows 7, is signed by my SB KEK. But Microsoft's SB KEK and SB db is not.

        As a result, Windows 7 and it's third party bootloader can boot just fine when Secure Boot is enabled, but Windows 10 cannot. (As it's not signed, the system stops with a Secure Boot Violation error.) This keeps Windows 10, and MS, out of my Windows 7 disk, and let's me know if they try to pull something funny with the ESP.

        Before you ask: Yes, they've tried crap before. One time they tried installing replacement bootloaders for every folder that they detected a Microsoft binary in. That was fun to fix, because Microsoft didn't backup any of the files nor check to see if they were actually signed by MS before updating them. (They weren't. MS's Secure Boot signature was removed on all of them due to that machine's buggy UEFI only being able to handle one SB signature on the binaries without crashing.)
      • by thegarbz ( 1787294 ) on Wednesday August 21, 2024 @03:38AM (#64722852)

        Historically, much of the Linux community has not been very supportive of such technologies, seeing the technology as a poison pill meant to kill hobbyist OSes.

        You should re-phrase your comment. It would read better "Historically, much of the community using Linux as a hobbyist OS, has not been supportive of such technologies, seeing it as a poison pill."

        The wider Linux community, developers, and the many people working tirelessly to make Linux a king of secure and hardened systems are fully in support of Secure Boot and every major distro has implemented support not only for using Microsoft's shim but also generating your own signatures and loading them into UEFI.

        • The current incantation of secure boot is quite good and I'm glad that it is embraced. Early versions were meant to lock out non-Microsoft operating systems. Some people have not recovered from those initial impressions. Fortunately, those who actually work on operating systems are able to be a bit more up-to-date and a bit less emotional and recognize that the current secure boot mechanisms are good for everyone.
        • by dlarge6510 ( 10394451 ) on Wednesday August 21, 2024 @08:17AM (#64723404)

          > The wider Linux community, developers, and the many people working tirelessly to make Linux a king of secure and hardened systems are fully in support of Secure Boot

          No. I've been using GNU/Linux since 1998 full time and can safely say that this statement is false.

          The only reason the nightmare that is Secure Boot is supported at all by any distro is for ease of use. New users don’t want to muck about switching it off just to get GRUB to load. So distros HAVE to support it, just like Debian HAVE to break their own rules and include non-free drivers by default.

          If what you say is true. Then explain why SB on Linux isn’t worth shit.

          Why are you (I'm presuming you are one of these serious developers trying to make GNU/Linux really secure), still using SB like a toy?

          Why are you STILL after all these YEARS using the SHIM?

          I take it you have signed the distros kernel images? The init? With what keys? With whos keys? We all know there are only ONE set of keys that can do that and they belong to Microsoft. I mean those two components are essential at the most minimum level. Yet you STILL fake it by running the ONLY thing MS will let you sign: the SHIM.

          Ooh, so advanced, so secure. Or are you telling me that Debian 12 has signed every binary using Debians own PK, KEK etc? How do I sign my own compiled kernals then? What process? Last time I looked at Debian 12s kernel build method it had no capabilities to sign a kernel for SB.
          If the distro does use their own SB keychain, what do they do with the MS keys? Are Debian signing Windows 10 too? You must DELETE the MS keys from SB if you want to go it alone, so how are you all supporting SB and dual booting with windows?

          You use the shim.

          Face it. Anyone who actually knows how SB works (and I suspect you clearly dont) knows that it is, by default, and without a load of manual intervention on the part of the user that sits in the chair, broken, hijacked and MS controlled out of the box.

          Linux distros fake SB compliance by using a worthless little shim that MS signs. Thats it. After that shim is confirmed to be good, anything goes and SB is effectivley useless. It is nothing more than a user freindly feature to help novices run Linux.

          It has nothing to do with improving security. If it were the user would have to put in a lot of hard graft to set it up, or if the distro has its own keys, the user must give up booting windows.

          The vast majority of x86/x64 computers powered on right now across the entire world run windows. A tiny sliver of those machines dual boot GNU/Linux and an even smaller proportion of that run it as the only OS. Since I started in 1996/7 and moved fully to it from ‘98/’99 or so I can tell you, as much as you hate to be told this, WE ARE ALL HOBBYISTS RUNNING AN UNCOMMON HOBBYIST OS.

          It’s a bitter pill I know. C’mon, Apple are bigger than us. OS/2 is bigger than us and that’s not even on users desktops!

      • by Ed Tice ( 3732157 ) on Wednesday August 21, 2024 @07:52AM (#64723324)
        Initial versions of secure boot (Palladium), clearly were designed to make non-commercial OS non-viable. So there's good reason for such suspicion. Current incantations of secure boot, on the other hand, are quite good. And it's a shame that they aren't embraced.
      • For people to care about secure boot, probably. Historically, much of the Linux community has not been very supportive of such technologies, seeing the technology as a poison pill meant to kill hobbyist OSes.

        And incidents like this are certainly giving us a very positive impression that Secure Boot is not about killing "hobbyist" OSes.

    • every distro patched for this 2 years ago. The issue seems to be that the Windows update was supposed to lock out non patched versions of GRUB but that they somehow managed to also lock out patched versions of GRUB.
      • Did it?
        Mine's still working fine...
        Are we sure we're not just getting an accounting of everyone who hasn't updated their distro in a couple of years, and has SecureBoot enabled?
  • by shm ( 235766 ) on Tuesday August 20, 2024 @07:59PM (#64722246)

    At this stage in my life and career I just donâ(TM)t have the time to fight this battle.

    About 5 years ago I just started using one piece of hardware per OS.

    • by reanjr ( 588767 )

      I have a nice, easy-to-open case, and a second NVMe I plug in when I want to switch. For me, it's great. I don't switch that often, so it's not a big deal to spend 5 minutes switching. If I wanted to switch more often, I'd probably get a dual NVMe motherboard and handle it that way. Definitely the way to go, keeping things separate.

    • Hell, I even have a separate machine just for gaming. I don't trust that all the automatic updating and anti-cheat bullshit isn't going to break something.

    • by antdude ( 79039 )

      Same. I got tired of it even if I have two drives with their own OSes.

    • by HBI ( 10338492 )

      This is helped along by the fact that the Nvidia cards I have are suitable only for Windows, and i'd only use AMD on Linux. So yes, this makes way more sense.

    • I don't dual boot. I have Linux Mint installed as a VirtualBox VM in seamless mode on my Windows desktop. I adjusted its toolbar to the top, so I have a collapsible Linux Mint toolbar on the top of my screen, and a self-hiding Windows toolbar on the bottom. I've had the same VM, in multiple copies, for ten years and have upgraded Mint over 7 major and a slough of minor versions. It has been my right-hand trusted enclave on five different laptops now. Running in a VM keeps the hardware configuration it

      • I don't dual boot. I have Linux Mint installed as a VirtualBox VM in seamless mode on my Windows desktop.

        Welcome to backwards-land! You put the reliable OS in a VM under the unreliable one, whee!

        It lives in an encrypted container, so no Windows process can see the files in it.

        It's hosted on Windows, so Windows can see everything in memory.

    • by JBMcB ( 73720 )

      It's at the point where even low-end hardware is fast enough to run most things quickly enough. Even old hardware is usually fine. I just revamped my old Haswell desktop for my son, with a faster boot SSD and NVME drive on a PCIe card (you can still use NVME on old hardware, you just can't boot from it.) It's plenty fast for most things, unless you want to play the latest games, which he doesn't.

    • Just FYI, I still dual boot Linux and OpenBSD just fine.

    • VMs on one OS. Dual-booting became moot when hardware speed virtualization became possible.
    • The only system I use dual boot is my game PC. Windows 8.1 and Linux. If a game does not run on Linux (or runs badly), then it usually runs OK on Windows 8.1 and since I do not play games all the time, rebooting is not a problem.

    • My wife has a very high spec Windows machine and I simply refuse to even try to fix it - it also happens to be configured with a language I cannot read, so that is another good reason.
    • Re: (Score:2, Insightful)

      by thegarbz ( 1787294 )

      Dual booting serves no purpose in 2024. It was relevant back in the day where virtual machines were so detached from hardware that you suffered some very serious performance issues not dualbooting. But these days there's virtually (hahahha a pun I'm so clever) no reason not to use a VM if you need a second OS.

      • by Viol8 ( 599362 )

        The only issue with VMs is that they're another layer of hassle you have to get working before you worry about the guest OS and having to get that working too. Other than that I agree with you.

    • My only use case for Windows was games and that compatibility problem was largely solved (for me) last time I bought a PC, four years ago. All the games I want to play run well on Linux, usually thanks to Steam (Proton), sometimes thanks to Lutris (Wine). I know a few games have issues and I do not care. A very vast majority of games runs just fine on Linux.

  • Why are we allowing the boot sector of a drive to choose which other sector, possibly on another drive, to actually boot?

    Why havent bios makers made this simple? I already go in there from time to time to select boot from USB.... why isnt a regularized boot choice something that just comes up before a single sector of any drive is read? preferences/configuration via bios?
    • EFI boot does this.

      IIRC my mirror shows up as 'debian' and 'debian-2' in BIOS.

      • by codebase7 ( 9682010 ) on Tuesday August 20, 2024 @10:23PM (#64722448)
        Technically, the BIOSes of old did so as well. Many even had built in menus that could be accessed by hitting a key or key-combo on the keyboard during POST. A few even had showing the builtin menu as a default option.

        Not exactly new functionality from EFI here. (Though like everything else with EFI, history has been altered to support it.)
  • Happened to me (Score:5, Interesting)

    by ArchieBunker ( 132337 ) on Tuesday August 20, 2024 @08:01PM (#64722254)

    My laptop dual boots windows and Debian. After the last windows update, windows refused to boot at all. It halts very early in the process. Trying to do a startup repair or similar repairs did not work. I ended up having to reinstall. Although secure boot is disabled on all my devices.

  • by prowler1 ( 458133 ) on Tuesday August 20, 2024 @08:12PM (#64722276)

    I ran dual boot for years, mainly for Games and Office.

    With the advent of Open Office being good enough and Steam providing Proton, my Windows install basically stopped being used about 4 years ago. Ironically, it was broken by a Windows update about 3 years ago and I never bothered to fix it, just formatted the partition and used it for extra storage.

    This year I built a new machine and requiring a Windows boot option was not even considered.

  • If you must dual boot, I highly recommend using the Windows bootloader to boot Linux, rather than Grub. You'll be happier on a long term basis when these types of things don't hit you.

    • It has been a long time since I dual booted, but doesn't the Linux distro actually install GRUB? If so why would MS patch it, shouldn't the Linux distro be maintaining it?
      • by DamnOregonian ( 963763 ) on Wednesday August 21, 2024 @12:48AM (#64722644)
        MS didn't patch GRUB.
        MS shipped a new UEFI SBAT.
        It's responsible for signed image revocations.

        MS blacklisted a known-very-broken grub image. Part of their job as the OS/SecureBoot CA is to blacklist bad signed UEFI images.
        For whatever it's worth, this was patched and shipped on every distribution in existence 2 years ago.
        • Wait, does that mean this is only hitting people running ancient, vulnerable versions of GRUB? If so, surely the user has to take some responsibility here for not updating?

          Not that I want to get in the way of some good ol' MS bashing, but lets share the blame equitably here. Seems like MS (finally, eventually) did the right thing here and now it's affecting people who don't patch...

          • No, the problem is that Microsoft patches the UEFI with new keys including some that break old GRUB but also that break old Windows as Microsoft has lost its keys over time as well.

            That is however not the problem, the problem is that some parts of Microsoft OS (eg drivers and startup daemons) are still signed with old keys that have been revoked since and this breaks the Microsoft OS in odd ways leading to unbootable Windows.

            The Linux systems work fine, GRUB works fine, this affects computers that donâ

            • No, the problem is that Microsoft patches the UEFI with new keys including some that break old GRUB but also that break old Windows as Microsoft has lost its keys over time as well.

              That is however not the problem, the problem is that some parts of Microsoft OS (eg drivers and startup daemons) are still signed with old keys that have been revoked since and this breaks the Microsoft OS in odd ways leading to unbootable Windows.

              The Linux systems work fine, GRUB works fine, this affects computers that donâ(TM)t even have GRUB, it is only the signing keys for some versions of GRUB that have been revoked leading to Microsoft pieces not booting - implying that either they have revoked additional keys or they are signing with GRUB keys.

              Do you have a bug reference for this?
              The distro bugs say people who got the new SBAT can't boot linux unless they have shim 15.8 released January
              23, 2024. https://bugs.debian.org/cgi-bi... [debian.org] https://bugs.launchpad.net/ubu... [launchpad.net]

        • If you got the new SBAT shim 15.7 is blocked, you need 15.8 released 23 Jan 2024.
          https://bugs.debian.org/cgi-bi... [debian.org]
          https://bugs.launchpad.net/ubu... [launchpad.net]

    • If you must dual boot, I highly recommend using the Windows bootloader to boot Linux, rather than Grub. You'll be happier on a long term basis when these types of things don't hit you.

      It's suspected that not using grub may be the cause of dual boot not being detected. Can you confirm that you're able to boot with shim 15.7 or didn't get the new SBAT?

  • by mukundajohnson ( 10427278 ) on Tuesday August 20, 2024 @09:19PM (#64722388)

    is when something goes seriously wrong

  • by Rosco P. Coltrane ( 209368 ) on Tuesday August 20, 2024 @09:20PM (#64722394)

    In a VM inside Linux.

    I'm not letting this turdaroonie of an OS have access to the real hardware. I don't trust Microsoft's honesty - as in, if I dual booted, I wouldn't put it past Microsoft to mount my Linux partitions and exfiltrate data off of them. And even if I did, I don't trust Microsoft's competence anyway.

    Windows is malware. So it runs in a sandbox.

    • by znrt ( 2424692 )

      I'm not letting this turdaroonie of an OS have access to the real hardware

      oh, a search with one single result!
      https://www.google.com/search?... [google.com]

      was it you? :o)

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Yup. I bought a used ex-business desktop PC last year, it came with Windows 10 Pro installed (and activated) on the bare metal. First thing I did was image the entire disk, then I blew away Windows and installed Linux. Shortly after, I had Windows running in a VM using QEMU/KVM, still activated. Since then I've upgraded the VM to Windows 11. Even though my hardware is unsupported (TPM 1.2, unsupported CPU), the VM presents supported hardware to Windows, so Windows update offered the upgrade without any "per

  • Used to triple boot among OS/2, Win 3.0, and Linux. Funny how I spent most of the time in Linux. Maybe because it supported ethernet cards with IP networking out of the box. Win? Just to run that one app, but lack of networking sucked. OS/2? Thank you for token ring and dialup netoworking. Or not.

    • by vbdasc ( 146051 )

      You never booted Windows 3.0 . You actually booted DOS. (yes, I'm aware that Windows 3.x can also run under OS/2).

      By the time Linux became really usable, OS/2 already had TCP/IP, web browsers and whatnot. And it supported Ethernet, of course.

    • Token ring, haven't heard that in a while. Reminded me of this.

      One of the best Dilbert's ever (the early years):

      https://community.spiceworks.c... [spiceworks.com]

  • I only have Mint and macOS on all of my devices so I guess I dodged a bullet here. Win12 was driving me nuts so my laptop is mint only now. Might give Ubuntu another shot though.
  • Microsoft patches a vulnerability in GRUB, of all things?

  • I love it when I'm attempting to do something important with my computer, and instead it hangs and displays a picture of a cartoon dinosaur that shrugs at me.
  • It is nothing but DRM anyways and does not actually protect against attacks by 3rd parties. It does prevent some "attacks" by users though as DRM is supposed to. I have also stopped putting Linux and Windows on the same machine. Microsoft has no inhibitions doing sabotage attacks...

    • What are you talking about? Secure Boot ensures that disks can't be physically removed and read on other media. It also ensures that the OS boots in-tact with all security features in place as setup by the user. It doesn't prevent guessing password or attacks that rely on remotely exploitable OS defects. But it's not designed to do that.

      Even if you hate Windows and think it can't be setup securely, Linux distributions also use secure boot and for good reason. I don't know how this stuff keeps getti

  • I gave up on dual boot several decades ago.

    Windows has absolutely no care or respect for other OS on the same drives and will constantly ride rough-shod over your bootloader without giving a damn.

    Virtualise it, or don't bother.

    Even back in the day I would always prefer one bootloader to take charge and the rest to be isolated from that, starting with things like ZIPSLACK / UMSDOS and nowadays virtualisation.

    I don't understand those people who continue to struggle with MS trashing their bootloaders and enfor

  • Yeah, you installed Windows. That's what's gone wrong.

  • If you are using Windows...

    - that is what is wrong!

  • I boot using MBR ;)

    Works perfectly find on my MB that’s only a few years young and I don’t have a > 2TB drive to boot from.

    I'm starting to look into UEFI now thst I can trust it to actually work considering the horrid mess early implementations were (or still are: HP!).

    On paper it looks pretty good, in practice it was pretty horrid with several UEFI implementations being totally non-functional for UEFI boot if you were not running windows (eh HP??? figured it out yet).

    HP for example, as I kee

  • I have secure boot turned off and I dual boot Linux (Slackware) and Windows. To make a choice I press F12 at boot time to get into Boot selection menu from UEFI and select either Windows or Slackware.

    This Monday I did that as usual and Slackware did not boot - it failed to find the root filesystem. It turned out that the EFI partition contained a folder for my Slackware with elilo.conf saying that Linux root file system is on /dev/nvme0n1p5, the /etc/fstab said that the root filesystem is in /dev/nvme0n1p5,

  • Since November 2022, several Linux distributions, including Ubuntu 22.04.2 and 20.04.6, have upgraded to shim 15.7, which provides a critical security update to address various vulnerabilities in the boot stack. o address this issue, it is recommended that users switch to newer installer media, such as Ubuntu 22.04.2, Ubuntu 20.04.6, and equivalent updated media from other distributions. https://discourse.ubuntu.com/t... [ubuntu.com] Sbat Windows update stops old Linux shim from working https://support.microsoft.com/ [microsoft.com]
    • Since November 2022, several Linux distributions, including Ubuntu 22.04.2 and 20.04.6, have upgraded to shim 15.7, which provides a critical security update to address various vulnerabilities in the boot stack. o address this issue, it is recommended that users switch to newer installer media, such as Ubuntu 22.04.2, Ubuntu 20.04.6, and equivalent updated media from other distributions.

      https://discourse.ubuntu.com/t... [ubuntu.com]

      Sbat Windows update stops old Linux shim from working

      https://support.microsoft.com/... [microsoft.com]

      Since November 2022, several Linux distributions, including Ubuntu 22.04.2 and 20.04.6, have upgraded to shim 15.7, which provides a critical security update to address various vulnerabilities in the boot stack. o address this issue, it is recommended that users switch to newer installer media, such as Ubuntu 22.04.2, Ubuntu 20.04.6, and equivalent updated media from other distributions.

      https://discourse.ubuntu.com/t... [ubuntu.com]

      Sbat Windows update stops old Linux shim from working

      https://support.microsoft.com/... [microsoft.com]

      According to https://bugs.launchpad.net/ubu... [launchpad.net] shim 15.7 is not enough if you got the new SBAT, you need 15.8 (released on January
      23, 2024) Additional Ubuntu bugs https://bugs.launchpad.net/ubu... [launchpad.net] and https://bugs.launchpad.net/ubu... [launchpad.net]

      Debian bug: https://bugs.debian.org/cgi-bi... [debian.org] only Sid is currently unaffected (has shim 15.8). The reporter doesn't use grub but selects the system at startup in the UEFI's boot menu which he suspects is the cause of windows not recognizing dual boot.
      Debian shim security trac

  • by WaffleMonster ( 969671 ) on Wednesday August 21, 2024 @11:43AM (#64724188)

    Every time something fails with Microsoft all you ever fucking get is utterly worthless and useless messages. They don't care or try.

    Everyone gets to waste hours fucking around with a profiler just to fix shit because Microsoft can't be bothered to ever mention (or log) even the subject of failure.

  • Dual-boot is a major major headache because motherboards cannot disable NVME.

    If you have windows on one drive and linux on another, they will always peek into the other drive and muck up stuff.

    NVME are annoying to take out and put in. They are behind GPU, covers and thermal tape.

    So, one OS per computer now.

  • When will it start sinking that running Windows is a non-starter? Microsoft has the same quality standards as a pot head in high school, who sits at the back of the room, and can't remember what class they're in. Microsoft is so comically bad, they're now resorting to crashing other operating systems, just so they look less shitty, not good, just less terrible. Why does Microsoft suck so bad?

    Honestly, why? I highly doubt it's the engineers, or the developers, I bet you can blame all the problems on ma

FORTUNE'S FUN FACTS TO KNOW AND TELL: A black panther is really a leopard that has a solid black coat rather then a spotted one.

Working...