Earlier this week, Microsoft acknowledged the problem with its August 2024 Patch Tuesday update, which caused headaches for customers running Windows and Linux side-by-side on a single machine. Basically, the update was not supposed to target dual-boot systems. Still, the detection mechanism failed to recognize certain systems, resulting in the update incorrectly applying a Secure Boot Advanced Targeting setting to the wrong systems and breaking Linux installations.
Now, Microsoft provided more information about fixing the issue on affected systems. If your Windows-Linux machine cannot boot into Linux, try the following to bring it back to life:
Disable Secure Boot:
- Boot into your device’s firmware settings.
- Disable Secure Boot (steps vary by manufacturer).
Delete SBAT Update:
- Boot into Linux.
- Open the terminal and run the below command: sudo mokutil --set-sbat-policy delete
- Enter your root password if prompted.
- Boot into Linux once more.
Verify SBAT Revocations:
- In the terminal, run the below command: mokutil --list-sbat-revocations
- Ensure the list shows no revocations.
Re-enable Secure Boot:
- Reboot into the firmware settings.
- Re-enable Secure Boot.
Check Secure Boot Status:
- Boot into Linux. Run the below command: mokutil --sb-state
- The output should be “SecureBoot enabled”. If not, retry the step 4.
Prevent Future SBAT Updates in Windows:
- Boot into Windows.
- Open Command Prompt as Administrator and run: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD
At this point, you should now be able to boot into Linux or Windows as before. It’s a good time to install any pending Linux updates to ensure your system is secure.
In addition to providing the workaround, Microsoft said it is working with Linux partners to fix the problem as soon as possible.
In case you missed it, here are the updates Windows 10 and 11 received during this month"s Patch Tuesday: