'Something Has Gone Seriously Wrong,' Dual-Boot Systems Warn After Microsoft Update (arstechnica.com) 144
Ars Technica's Dan Goodin writes: Last Tuesday, loads of Linux users -- many running packages released as early as this year -- started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: "Something has gone seriously wrong." The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don't load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday. [...]
With Microsoft maintaining radio silence, those affected by the glitch have been forced to find their own remedies. One option is to access their EFI panel and turn off secure boot. Depending on the security needs of the user, that option may not be acceptable. A better short-term option is to delete the SBAT Microsoft pushed out last Tuesday. This means users will still receive some of the benefits of Secure Boot even if they remain vulnerable to attacks that exploit CVE-2022-2601. The steps for this remedy are outlined here (thanks to manutheeng for the reference).
Microsoft still looking for a CrowdStrike to blame (Score:5, Funny)
because it can't be Microsoft causing the issue.
Re:Microsoft still looking for a CrowdStrike to bl (Score:5, Funny)
Re:Microsoft still looking for a CrowdStrike to bl (Score:5, Informative)
Verifying shim SBAT data failed: Security policy violation
Something went seriously wrong: SBAT self-test failed: Security Policy Violation
Re:Microsoft still looking for a CrowdStrike to bl (Score:5, Informative)
Did you look at the actual error screen? No, of course you didn't.
Verifying shim SBAT data failed: Security policy violation
Something went seriously wrong: SBAT self-test failed: Security Policy Violation
I know a fair bit about the mechanics of secure boot, because I used to work at Intel and I designed some of the hardware related to secure boot.
But I'm not so tied to the upper layers that I have a clue what an SBAT file is.
If I see this error, I want to know what an SBAT file is, what it does, what the consequences of removing are. Of course if I didn't have another computer to look this information up on, I'm S.O.L.
This is why errors should be comprehensive and informative to the point that either you know what to do or who to call. "Something went seriously wrong" is pointless text. "Security Policy Violation" is a little better because it gives you some context, but it doesn't point you to where the security policy is or which policy was violated, or which line of a policy file holds the policy that was violated or what the thing was that was violating the policy.
Shitty errors are a pox on the computer industry.
Re:Microsoft still looking for a CrowdStrike to bl (Score:4)
SBAT is 2 things.
One, it's a UEFI NVRAM var (the revocation generation list) and 2, it's a section in a PE file (.sbat).
It's a way to revoke signed PEs generationally, rather than clogging up the DBX (image revocation hash list)
UEFI var contains minimum generation allowed for an identifier,
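The generation comparison described in the comment above, as an added example (not part of the original thread and not shim's own code): it parses the `component,generation` CSV used by both the `.sbat` section and the revocation variable and reports every component below the minimum. The sample images and levels are constructed, and the efivarfs path assumes a Linux system where shim's `SbatLevelRT` variable is present.

```python
"""Compare a PE image's .sbat metadata with the SBAT revocation level."""
from __future__ import annotations

import csv
import io
from pathlib import Path

# Runtime mirror of shim's SBAT revocation variable, as exposed by Linux efivarfs.
SBAT_LEVEL_RT = (
    "/sys/firmware/efi/efivars/SbatLevelRT-605dab50-e046-4300-abb6-3dd810dd8b23"
)


def parse_sbat(raw: bytes) -> dict[str, int]:
    """Parse SBAT CSV text (image .sbat section or revocation variable).

    Every line starts with `component,generation`; extra fields (vendor,
    version, URL, or the date stamp on the `sbat` line) are ignored.
    Later duplicates of a component overwrite earlier ones.
    """
    text = raw.rstrip(b"\x00").decode("utf-8", errors="replace")  # NUL padding
    entries: dict[str, int] = {}
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or not row[0].strip():
            continue  # blank line
        if len(row) < 2 or not row[1].strip().isdigit():
            raise ValueError(f"line {lineno}: expected component,generation: {row!r}")
        entries[row[0].strip()] = int(row[1])
    return entries


def find_violations(image: dict[str, int], minimum: dict[str, int]):
    """Return (component, image_generation, minimum_generation) tuples for
    every component the image declares below the minimum allowed generation."""
    return sorted(
        (name, gen, minimum[name])
        for name, gen in image.items()
        if name in minimum and gen < minimum[name]
    )


def read_firmware_sbat_level(path: str = SBAT_LEVEL_RT) -> bytes | None:
    """Read the revocation list from efivarfs; None if it is not available."""
    try:
        data = Path(path).read_bytes()
    except OSError:
        return None
    return data[4:]  # efivarfs prefixes the value with a 4-byte attribute field


# Constructed sample data (not taken from any real shim build or update).
IMAGE_OLD = (
    b"sbat,1,SBAT Version,sbat,1,https://example.invalid/sbat\n"
    b"shim,3,UEFI shim,shim,1,https://example.invalid/shim\n"
    b"shim.examplevendor,1,Example Vendor,shim,old-build,https://example.invalid\n"
    b"\x00\x00\x00"
)
IMAGE_NEW = IMAGE_OLD.replace(b"shim,3,", b"shim,4,")
LEVEL_BEFORE = b"sbat,1,2022052400\ngrub,2\n"
LEVEL_AFTER = b"sbat,1,2024010900\nshim,4\ngrub,3\n"

if __name__ == "__main__":
    live = read_firmware_sbat_level()
    levels = {"before update": LEVEL_BEFORE, "after update": LEVEL_AFTER}
    if live is not None:
        levels["this machine"] = live
    for label, level in levels.items():
        for name, image in (("old image", IMAGE_OLD), ("new image", IMAGE_NEW)):
            bad = find_violations(parse_sbat(image), parse_sbat(level))
            verdict = "Security Policy Violation" if bad else "ok"
            print(f"{label:14} {name}: {verdict} {bad}")
```

On a Linux system, `read_firmware_sbat_level()` supplies the live revocation list; the image side is the raw bytes of the binary's `.sbat` section.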
Re:Microsoft still looking for a CrowdStrike to bl (Score:5, Insightful)
Re: (Score:2)
Well, yes. But what can you expect from 2nd rated tech?
Re:Microsoft still looking for a CrowdStrike to bl (Score:4, Funny)
In Linux, I can review logs, diagnose the issue, fix it, and possibly execute mitigation strategies to prevent similar problems in the future.
Grub grabs its crotch and says "check THIS log out".
Re: (Score:3, Informative)
You not knowing how to use Windows is not a Windows problem. Not only is TFA trolling, the actual error message gives you full information that SBAT self-test failed due to a security policy violation, but for any Windows related issue post secure boot you will have error messages in detail logged in the windows event log, even if on the screen it says "Something went wrong". Even on an unlogged app such as the Windows 11 installer, when you get the "something went wrong" useless message you have a comple
Re:Microsoft still looking for a CrowdStrike to bl (Score:5, Informative)
Re: (Score:3)
Diagnostics in Windows is counting the number of reboots :)
Re: (Score:3)
Re: (Score:2)
I had a Lenovo X1 motherboard replaced and it took me hours to find instructions (mostly via IRC) on how to update efivarfs for the new motherboard so GRUB would see the existing Ubuntu partition. I think most people were just doing an Ubuntu reinstall (factory reset) instead of using the clean solution of updating efivars.
Re: (Score:2)
What you just outlined is that you'd rather have open source as opposed to closed source.
Re:Microsoft still looking for a CrowdStrike to bl (Score:4, Informative)
The error is printed by the UEFI shim, not anything Microsoft wrote.
Re: (Score:2)
Re:Microsoft still looking for a CrowdStrike to bl (Score:4, Funny)
Re: (Score:2)
The question is, is Microsoft the Boeing of computing or is Boeing the Microsoft of aviation? They should merge or something.
Re:Microsoft still looking for a CrowdStrike to bl (Score:4, Funny)
yes.
Re: (Score:2)
Re: (Score:3)
Is Slashdot editing the Microsoft of forums?
Re:Microsoft still looking for a CrowdStrike to bl (Score:5, Funny)
Correct. I have not booted windows in years outside of a virtual machine, and I've had zero issues.
Fedora updated GRUB for this in 2022 (Score:2)
What were other distros waiting for?
Re:Fedora updated GRUB for this in 2022 (Score:5, Insightful)
For people to care about secure boot, probably. Historically, much of the Linux community has not been very supportive of such technologies, seeing the technology as a poison pill meant to kill hobbyist OSes.
Re:Fedora updated GRUB for this in 2022 (Score:5, Informative)
Long Story: The only machine I use SB on is an upgraded Windows 10 machine. That machine dual boots its original Windows 7 installation, which has full disk encryption from a third party. (I.e. You have to enter a password into the third party's bootloader on boot.) That third party bootloader, and Windows 7, is signed by my SB KEK. But Microsoft's SB KEK and SB db is not.
As a result, Windows 7 and its third party bootloader can boot just fine when Secure Boot is enabled, but Windows 10 cannot. (As it's not signed, the system stops with a Secure Boot Violation error.) This keeps Windows 10, and MS, out of my Windows 7 disk, and lets me know if they try to pull something funny with the ESP.
Before you ask: Yes, they've tried crap before. One time they tried installing replacement bootloaders for every folder that they detected a Microsoft binary in. That was fun to fix, because Microsoft didn't backup any of the files nor check to see if they were actually signed by MS before updating them. (They weren't. MS's Secure Boot signature was removed on all of them due to that machine's buggy UEFI only being able to handle one SB signature on the binaries without crashing.)
Re:Fedora updated GRUB for this in 2022 (Score:5, Informative)
> Historically, much of the Linux community has not been very supportive of such technologies, seeing the technology as a poison pill meant to kill hobbyist OSes.
You should re-phrase your comment. It would read better "Historically, much of the community using Linux as a hobbyist OS, has not been supportive of such technologies, seeing it as a poison pill."
The wider Linux community, developers, and the many people working tirelessly to make Linux a king of secure and hardened systems are fully in support of Secure Boot and every major distro has implemented support not only for using Microsoft's shim but also generating your own signatures and loading them into UEFI.
Re: (Score:3)
Re:Fedora updated GRUB for this in 2022 (Score:5, Informative)
> The wider Linux community, developers, and the many people working tirelessly to make Linux a king of secure and hardened systems are fully in support of Secure Boot
No. I've been using GNU/Linux since 1998 full time and can safely say that this statement is false.
The only reason the nightmare that is Secure Boot is supported at all by any distro is for ease of use. New users don’t want to muck about switching it off just to get GRUB to load. So distros HAVE to support it, just like Debian HAVE to break their own rules and include non-free drivers by default.
If what you say is true. Then explain why SB on Linux isn’t worth shit.
Why are you (I'm presuming you are one of these serious developers trying to make GNU/Linux really secure), still using SB like a toy?
Why are you STILL after all these YEARS using the SHIM?
I take it you have signed the distro's kernel images? The init? With what keys? With whose keys? We all know there is only ONE set of keys that can do that and they belong to Microsoft. I mean those two components are essential at the most minimum level. Yet you STILL fake it by running the ONLY thing MS will let you sign: the SHIM.
Ooh, so advanced, so secure. Or are you telling me that Debian 12 has signed every binary using Debian's own PK, KEK etc? How do I sign my own compiled kernels then? What process? Last time I looked at Debian 12's kernel build method it had no capabilities to sign a kernel for SB.
If the distro does use their own SB keychain, what do they do with the MS keys? Are Debian signing Windows 10 too? You must DELETE the MS keys from SB if you want to go it alone, so how are you all supporting SB and dual booting with windows?
You use the shim.
Face it. Anyone who actually knows how SB works (and I suspect you clearly don't) knows that it is, by default, and without a load of manual intervention on the part of the user that sits in the chair, broken, hijacked and MS controlled out of the box.
Linux distros fake SB compliance by using a worthless little shim that MS signs. That's it. After that shim is confirmed to be good, anything goes and SB is effectively useless. It is nothing more than a user-friendly feature to help novices run Linux.
It has nothing to do with improving security. If it were, the user would have to put in a lot of hard graft to set it up, or if the distro has its own keys, the user must give up booting windows.
The vast majority of x86/x64 computers powered on right now across the entire world run windows. A tiny sliver of those machines dual boot GNU/Linux and an even smaller proportion of that run it as the only OS. Since I started in 1996/7 and moved fully to it from ‘98/’99 or so I can tell you, as much as you hate to be told this, WE ARE ALL HOBBYISTS RUNNING AN UNCOMMON HOBBYIST OS.
It’s a bitter pill I know. C’mon, Apple are bigger than us. OS/2 is bigger than us and that’s not even on users desktops!
Re:Fedora updated GRUB for this in 2022 (Score:4, Informative)
Re: (Score:2)
Re:My Dell Inspiron still makes me do a nautch dan (Score:4, Interesting)
Re: (Score:2)
Re: (Score:3)
> For people to care about secure boot, probably. Historically, much of the Linux community has not been very supportive of such technologies, seeing the technology as a poison pill meant to kill hobbyist OSes.
And incidents like this are certainly giving us a very positive impression that Secure Boot is not about killing "hobbyist" OSes.
Re:Fedora updated GRUB for this in 2022 (Score:5, Insightful)
Re:Fedora updated GRUB for this in 2022 (Score:5, Insightful)
If I'm using a "hobbyist OS" I have every business complaining about Microsoft making it unbootable. I have every business complaining that Microsoft is overreaching and treating my own computer as its own playground. Honestly, Microsoft is behaving just like the evil Disney in the recent case about the Mickey thinking that anyone who ever used Disney+ has signed away their rights till death. Microsoft thinks that every computer where you installed Windows is their property. And even if you never installed Windows, Microsoft still plays the UEFI SecureBoot gatekeeper on YOUR computer. I guess it's not a coincidence that people are calling that company Mickeysoft. It's a well fitting name.
Re: (Score:2)
> I have every business complaining that Microsoft is overreaching and treating my own computer as its own playground.
Sure, you can complain... and some people might listen and possibly commiserate with you. Microsoft can still do whatever it wants and there is nothing you can do except avoid using Microsoft products... for now. At some point in the future, you will only be allowed to run a Microsoft operating system. Ostensibly, for the security of your fellow members in society...
Re: (Score:2)
Re: (Score:2, Informative)
If you are using a "hobbyist OS" you have no business complaining about anything.
Yes, if you use Windows (which is suitable only for a gaming hobby, and then only barely) then you deserve what you get. Linux, on the other hand, underpins the global economy and is a multinational effort contributed to by every major vendor. Even Microsoft is allowed to contribute, though thankfully their contributions go through a lot more scrutiny by much smarter and more scrupulous people than with their own OS.
Re: (Score:3)
Re: (Score:2)
Mine's still working fine...
Are we sure we're not just getting an accounting of everyone who hasn't updated their distro in a couple of years, and has SecureBoot enabled?
I gave up long ago: dual systems instead of dual b (Score:5, Interesting)
At this stage in my life and career I just don't have the time to fight this battle.
About 5 years ago I just started using one piece of hardware per OS.
Re: (Score:2)
I have a nice, easy-to-open case, and a second NVMe I plug in when I want to switch. For me, it's great. I don't switch that often, so it's not a big deal to spend 5 minutes switching. If I wanted to switch more often, I'd probably get a dual NVMe motherboard and handle it that way. Definitely the way to go, keeping things separate.
Re: I gave up long ago: dual systems instead of du (Score:2)
I've got an ITX motherboard. Most of those only have a single slot, in my experience.
Re: (Score:3)
Hell, I even have a separate machine just for gaming. I don't trust that all the automatic updating and anti-cheat bullshit isn't going to break something.
Re: (Score:2)
Same. I got tired of it even if I have two drives with their own OSes.
Re: (Score:2)
This is helped along by the fact that the Nvidia cards I have are suitable only for Windows, and i'd only use AMD on Linux. So yes, this makes way more sense.
VM-it (Score:3)
I don't dual boot. I have Linux Mint installed as a VirtualBox VM in seamless mode on my Windows desktop. I adjusted its toolbar to the top, so I have a collapsible Linux Mint toolbar on the top of my screen, and a self-hiding Windows toolbar on the bottom. I've had the same VM, in multiple copies, for ten years and have upgraded Mint over 7 major and a slough of minor versions. It has been my right-hand trusted enclave on five different laptops now. Running in a VM keeps the hardware configuration it
Re: (Score:2)
> I don't dual boot. I have Linux Mint installed as a VirtualBox VM in seamless mode on my Windows desktop.
Welcome to backwards-land! You put the reliable OS in a VM under the unreliable one, whee!
> It lives in an encrypted container, so no Windows process can see the files in it.
It's hosted on Windows, so Windows can see everything in memory.
Speed (Score:2)
It's at the point where even low-end hardware is fast enough to run most things quickly enough. Even old hardware is usually fine. I just revamped my old Haswell desktop for my son, with a faster boot SSD and NVME drive on a PCIe card (you can still use NVME on old hardware, you just can't boot from it.) It's plenty fast for most things, unless you want to play the latest games, which he doesn't.
Re: I gave up long ago: dual systems instead of du (Score:2)
Just FYI, I still dual boot Linux and OpenBSD just fine.
Re: (Score:3)
Re: (Score:2)
The only system I use dual boot is my game PC. Windows 8.1 and Linux. If a game does not run on Linux (or runs badly), then it usually runs OK on Windows 8.1 and since I do not play games all the time, rebooting is not a problem.
Re: I gave up long ago: dual systems instead of du (Score:2)
Re: (Score:2, Insightful)
Dual booting serves no purpose in 2024. It was relevant back in the day where virtual machines were so detached from hardware that you suffered some very serious performance issues not dualbooting. But these days there's virtually (hahahha a pun I'm so clever) no reason not to use a VM if you need a second OS.
Re: (Score:2)
The only issue with VMs is that they're another layer of hassle you have to get working before you worry about the guest OS and having to get that working too. Other than that I agree with you.
Re: I gave up long ago: dual systems instead of du (Score:2)
My only use case for Windows was games and that compatibility problem was largely solved (for me) last time I bought a PC, four years ago. All the games I want to play run well on Linux, usually thanks to Steam (Proton), sometimes thanks to Lutris (Wine). I know a few games have issues and I do not care. A very vast majority of games runs just fine on Linux.
Boot sectors (Score:2)
Why haven't BIOS makers made this simple? I already go in there from time to time to select boot from USB.... why isn't a regularized boot choice something that just comes up before a single sector of any drive is read? preferences/configuration via BIOS?
Re: (Score:3)
EFI boot does this.
IIRC my mirror shows up as 'debian' and 'debian-2' in BIOS.
Re:Boot sectors (Score:4)
Not exactly new functionality from EFI here. (Though like everything else with EFI, history has been altered to support it.)
Happened to me (Score:5, Interesting)
My laptop dual boots windows and Debian. After the last windows update, windows refused to boot at all. It halts very early in the process. Trying to do a startup repair or similar repairs did not work. I ended up having to reinstall. Although secure boot is disabled on all my devices.
Re: (Score:2)
I'm thinking windows 8 was not so bad after all?
Yeah, I blocked that abomination they replaced the start menu with out of my memory, too.
Committed to the switch a few years back (Score:5, Interesting)
I ran dual boot for years, mainly for Games and Office.
With the advent of Open Office being good enough and Steam providing Proton, my Windows install basically stopped being used about 4 years ago. Ironically, it was broken by a Windows update about 3 years ago and I never bothered to fix it, just formatted the partition and used it for extra storage.
This year I built a new machine and requiring a Windows boot option was not even considered.
if you really must do it... (Score:2)
If you must dual boot, I highly recommend using the Windows bootloader to boot Linux, rather than Grub. You'll be happier on a long term basis when these types of things don't hit you.
Re: (Score:2)
Re:if you really must do it... (Score:5, Informative)
MS shipped a new UEFI SBAT.
It's responsible for signed image revocations.
MS blacklisted a known-very-broken grub image. Part of their job as the OS/SecureBoot CA is to blacklist bad signed UEFI images.
For whatever it's worth, this was patched and shipped on every distribution in existence 2 years ago.
Re: (Score:3)
Wait, does that mean this is only hitting people running ancient, vulnerable versions of GRUB? If so, surely the user has to take some responsibility here for not updating?
Not that I want to get in the way of some good ol' MS bashing, but let's share the blame equitably here. Seems like MS (finally, eventually) did the right thing here and now it's affecting people who don't patch...
Re: if you really must do it... (Score:2)
No, the problem is that Microsoft patches the UEFI with new keys including some that break old GRUB but also that break old Windows as Microsoft has lost its keys over time as well.
That is however not the problem, the problem is that some parts of Microsoft OS (eg drivers and startup daemons) are still signed with old keys that have been revoked since and this breaks the Microsoft OS in odd ways leading to unbootable Windows.
The Linux systems work fine, GRUB works fine, this affects computers that don't
Re: (Score:3)
> No, the problem is that Microsoft patches the UEFI with new keys including some that break old GRUB but also that break old Windows as Microsoft has lost its keys over time as well.
> That is however not the problem, the problem is that some parts of Microsoft OS (eg drivers and startup daemons) are still signed with old keys that have been revoked since and this breaks the Microsoft OS in odd ways leading to unbootable Windows.
> The Linux systems work fine, GRUB works fine, this affects computers that don't even have GRUB, it is only the signing keys for some versions of GRUB that have been revoked leading to Microsoft pieces not booting - implying that either they have revoked additional keys or they are signing with GRUB keys.
Do you have a bug reference for this?
The distro bugs say people who got the new SBAT can't boot linux unless they have shim 15.8 released January 23, 2024. https://bugs.debian.org/cgi-bi... [debian.org] https://bugs.launchpad.net/ubu... [launchpad.net]
Re: (Score:3)
If you got the new SBAT, shim 15.7 is blocked, you need 15.8 released 23 Jan 2024.
https://bugs.debian.org/cgi-bi... [debian.org]
https://bugs.launchpad.net/ubu... [launchpad.net]
Re: (Score:2)
A *person who happens to be an MS employee* submitting a patch is massively different to *MS* submitting a patch. I have no idea what kind of legal agreement one has signed when getting a job as a coder at microsoft, but it wouldn't surprise me if it included something along the lines of "any code, machine-executable or not, human-readable or not, you ever communicated or will ever communicate, is owned by us", so it _might/may_ be impossible to function as a free coder once you've been hired by microsoft.
Re: (Score:2)
> A *person who happens to be an MS employee* submitting a patch is massively different to *MS* submitting a patch.
Not necessarily, only potentially.
> I have no idea what kind of legal agreement one has signed when getting a job as a coder at microsoft
...but that's irrelevant since Microsoft is known for doing underhanded shit in regards to Linux so you can't trust anything that they might actually be personally responsible for. Everything has to be scrutinized line by line to make sure at minimum that they aren't doing the same terrible job that they do with their own OS, let alone attempting to engage in some type of sabotage.
Re: (Score:2)
You can't call it open-source if you arbitrarily restrict who can contribute. Or to put it another way, why shouldn't MS employees be allowed to submit patches?
I'm not sure if you are being sarcastic or not. Generally speaking I think the idea is to submit patches to the GRUB maintainers, and then all the Linux distros distributing it update the binaries in their respective packaging systems. What other parts of a separate Linux install do you think MS should add to their patch Tuesday? And won't patching outside the Linux packaging system fuck up its metadata database?
Re: (Score:2)
> If you must dual boot, I highly recommend using the Windows bootloader to boot Linux, rather than Grub. You'll be happier on a long term basis when these types of things don't hit you.
It's suspected that not using grub may be the cause of dual boot not being detected. Can you confirm that you're able to boot with shim 15.7 or didn't get the new SBAT?
One of the worst things about Windows (Score:5, Funny)
is when something goes seriously wrong
Here's how I run Windows on my machine (Score:5, Interesting)
In a VM inside Linux.
I'm not letting this turdaroonie of an OS have access to the real hardware. I don't trust Microsoft's honesty - as in, if I dual booted, I wouldn't put it past Microsoft to mount my Linux partitions and exfiltrate data off of them. And even if I did, I don't trust Microsoft's competence anyway.
Windows is malware. So it runs in a sandbox.
Re: (Score:3)
> I'm not letting this turdaroonie of an OS have access to the real hardware
oh, a search with one single result!
https://www.google.com/search?... [google.com]
was it you? :o)
Re: (Score:2)
It was not :) I've always said that. I wasn't aware that it was uncommon.
Re: (Score:2, Interesting)
Yup. I bought a used ex-business desktop PC last year, it came with Windows 10 Pro installed (and activated) on the bare metal. First thing I did was image the entire disk, then I blew away Windows and installed Linux. Shortly after, I had Windows running in a VM using QEMU/KVM, still activated. Since then I've upgraded the VM to Windows 11. Even though my hardware is unsupported (TPM 1.2, unsupported CPU), the VM presents supported hardware to Windows, so Windows update offered the upgrade without any "per
Dual Boot Is Boring. (Score:2)
Used to triple boot among OS/2, Win 3.0, and Linux. Funny how I spent most of the time in Linux. Maybe because it supported ethernet cards with IP networking out of the box. Win? Just to run that one app, but lack of networking sucked. OS/2? Thank you for token ring and dialup networking. Or not.
Re: (Score:2)
You never booted Windows 3.0. You actually booted DOS. (yes, I'm aware that Windows 3.x can also run under OS/2).
By the time Linux became really usable, OS/2 already had TCP/IP, web browsers and whatnot. And it supported Ethernet, of course.
Re: (Score:3)
Token ring, haven't heard that in a while. Reminded me of this.
One of the best Dilbert's ever (the early years):
https://community.spiceworks.c... [spiceworks.com]
Good thing that I recently ditched Win11 (Score:2)
lolwut (Score:2)
Microsoft patches a vulnerability in GRUB, of all things?
Re: (Score:3)
Re: (Score:3)
I see, thanks. Microsoft, you keep your GRUBby paws away of my GRUB!
Childish error messages (Score:2)
Insecure Boot? Why would I have that turned on? (Score:2)
It is nothing but DRM anyways and does not actually protect against attacks by 3rd parties. It does prevent some "attacks" by users though as DRM is supposed to. I have also stopped putting Linux and Windows on the same machine. Microsoft has no inhibitions doing sabotage attacks...
Re: (Score:2)
Even if you hate Windows and think it can't be setup securely, Linux distributions also use secure boot and for good reason. I don't know how this stuff keeps getti
Dual-boot (Score:2)
I gave up on dual boot several decades ago.
Windows has absolutely no care or respect for other OS on the same drives and will constantly ride rough-shod over your bootloader without giving a damn.
Virtualise it, or don't bother.
Even back in the day I would always prefer one bootloader to take charge and the rest to be isolated from that, starting with things like ZIPSLACK / UMSDOS and nowadays virtualisation.
I don't understand those people who continue to struggle with MS trashing their bootloaders and enfor
"Something" (Score:2)
Yeah, you installed Windows. That's what's gone wrong.
Stating the obvious ... (Score:2)
- that is what is wrong!
smug mode = on (Score:2)
I boot using MBR ;)
Works perfectly fine on my MB that’s only a few years young and I don’t have a > 2TB drive to boot from.
I'm starting to look into UEFI now that I can trust it to actually work considering the horrid mess early implementations were (or still are: HP!).
On paper it looks pretty good, in practice it was pretty horrid with several UEFI implementations being totally non-functional for UEFI boot if you were not running windows (eh HP??? figured it out yet).
HP for example, as I kee
My "failed to boot" mystery (Score:2)
I have secure boot turned off and I dual boot Linux (Slackware) and Windows. To make a choice I press F12 at boot time to get into Boot selection menu from UEFI and select either Windows or Slackware.
This Monday I did that as usual and Slackware did not boot - it failed to find the root filesystem. It turned out that the EFI partition contained a folder for my Slackware with elilo.conf saying that Linux root file system is on /dev/nvme0n1p5, the /etc/fstab said that the root filesystem is in /dev/nvme0n1p5,
Fixed in Ubuntu years ago. Shim update required. (Score:2)
Distro bug tracking (Score:3)
Since November 2022, several Linux distributions, including Ubuntu 22.04.2 and 20.04.6, have upgraded to shim 15.7, which provides a critical security update to address various vulnerabilities in the boot stack. To address this issue, it is recommended that users switch to newer installer media, such as Ubuntu 22.04.2, Ubuntu 20.04.6, and equivalent updated media from other distributions.
https://discourse.ubuntu.com/t... [ubuntu.com]
Sbat Windows update stops old Linux shim from working
https://support.microsoft.com/... [microsoft.com]
According to https://bugs.launchpad.net/ubu... [launchpad.net] shim 15.7 is not enough if you got the new SBAT, you need 15.8 (released on January 23, 2024) Additional Ubuntu bugs https://bugs.launchpad.net/ubu... [launchpad.net] and https://bugs.launchpad.net/ubu... [launchpad.net]
Debian bug: https://bugs.debian.org/cgi-bi... [debian.org] only Sid is currently unaffected (has shim 15.8). The reporter doesn't use grub but selects the system at startup in the UEFI's boot menu which he suspects is the cause of windows not recognizing dual boot.
Debian shim security trac
Microsoft has gone seriously wrong (Score:3)
Every time something fails with Microsoft all you ever fucking get is utterly worthless and useless messages. They don't care or try.
Everyone gets to waste hours fucking around with a profiler just to fix shit because Microsoft can't be bothered to ever mention (or log) even the subject of failure.
Motherboards not supporting NVME disabling (Score:2)
Dual-boot is a major major headache because motherboards cannot disable NVME.
If you have windows on one drive and linux on another, they will always peek into the other drive and muck up stuff.
NVME are annoying to take out and put in. They are behind GPU, covers and thermal tape.
So, one OS per computer now.
How many outages is this since July 1st? (Score:2)
Honestly, why? I highly doubt it's the engineers, or the developers, I bet you can blame all the problems on ma
Re: (Score:2)
Re: (Score:2)
Microsoft just a few days ago said it will provide bitlocker for all users on windows 11
I hope it doesn't for users without TPM, like me. I'd hate to have Bitlocker forced on my systems, with a passion.