We do often include affiliate links to earn us some pennies. See more here.

Do you dual-boot Windows and Linux? Well, a recent Windows update seems to have been a bit messy and may have broken the ability to boot into Linux. Causing an alarming message to display of "Something has gone seriously wrong".

The update in question is in relation to CVE-2022-2601, and as the numbers there suggests, it's an issue from way back in 2022 that Microsoft decided just last week to go and patch up themselves. From the CVE:

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

It wasn't supposed to affect you if you do have Linux installed, as per Microsoft's own info they said:

To address this security issue, Windows will apply a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders that could have an impact on Windows security. The SBAT value is not applied to dual-boot systems that boot both Windows and Linux and should not affect these systems. You might find that older Linux distribution ISOs will not boot. If this occurs, work with your Linux vendor to get an update.

However, that seems to have still caused problems for those that do dual-boot. Oops. There's been quite a few reports of people unable to boot into their Linux distributions as a result of this update. A potential solution can be found in an Ubuntu Discourse post from 2023 for a previous issue.

Microsoft haven't yet said anything about it that I can find, and their update page notes "Microsoft is not currently aware of any issues with this update", so clearly that needs an update.

Article taken from GamingOnLinux.com.
19 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
46 comments
Page: «3/3
  Go to:

Highball Aug 23
Quoting: Mountain Man
Quoting: Highball
Quoting: Marlock
Quoting: Highball
Quoting: MarlockQuick question: what system has a copy of grub installed (not by windows, because it's never used by windows) but doesn't have linux so it's ok to replace/block grub?

Any system.
Please elaborate

You can point Grub at any kernel to load. Haiku, Redox, whatever. LILO was popular back in the day. Nothing is stopping anybody from getting rid of Grub and switching boot loaders. You can even point one boot loader at another boot loader. That's how most people dual boot Windows. Grub loads, then start WinLoader, then WinLoader starts onekernel.

I had the most success keeping Windows on a separate drive where it could do whatever it wanted with the boot sector, and then grub on the primary drive would simply hand off to WinLoader on the secondary drive. Installing Linux and Windows on the same drive was a bit like playing Russian roulette. You never knew when Windows would break things.

Really this is the only way to avoid the MSFT hassle. Here is a Gaming thread for HD2 with a guide on how to dual boot Linux and the author's recommendation is to have two drives, install one OS to each drive.

https://steamcommunity.com/app/553850/discussions/2/7599331177361006128/?tscn=1724068733

Setup each OS with only one drive connected at a time. Then after that, use the UEFI boot manager to select which drive you want to boot from. I mean seriously after twenty years, MSFT is still randomly blasting the boot records. This guys solution is basically a silver bullet for Linux newbies. Side note, he barely speaks English and single handily converted more people to Linux in one gaming thread than I have in twenty years. Seriously I'm not sore about it at all, hahahaha.


Last edited by Highball on 23 August 2024 at 1:03 am UTC
ShabbyX Aug 23
Quoting: Highball
Quoting: ElectricPrismYou know how some people backup the header of encrypted disks:
 
sudo cryptsetup luksHeaderBackup /dev/<your-disk-luks> --header-backup-file luks2-header-backup-$(date -I)


If somebody wants a project make a interface equivalent to Etcher that optionally backs up the MBR + Linux / Windows boot partitions.

Then next time Windows fucks this up. ( Which they have been for decades and we haven't done anything about it. ) A person can load a Live USB, create a new backup in the broken state and run the Restore tool to revert the changes to before Microsoft screwed the pooch.

Who knows maybe what I'm imagining already exists, there's a lot of fine people out there who do amazing work all the time on our apps.

https://help.ubuntu.com/community/Boot-Repair

Honestly I don't know how well it works. I haven't dual booted for close to twenty years and this tool didn't exist then as far as I know. At that time, all you had to do was live boot off a CD and chroot to your Linux partition, then rerun your boot loader install command, and it was all back to normal. It's a minor inconvenience for seasoned Linux users, but newbies immediately think Linux sucks and doesn't work. Obviously MSFT's intention. I don't remember a time that updating Windows didn't rewrite the MBR.

Yeap, it's still pretty much the same process. Live usb, chroot, reinstall grub.

I got rid of windows about 7 years ago, I'm much more relaxed now in my life.
Caldathras Aug 23
Quoting: Highballhttps://help.ubuntu.com/community/Boot-Repair

Honestly I don't know how well it works. I haven't dual booted for close to twenty years and this tool didn't exist then as far as I know.
Yep. It works. Saved my bacon several times. Very easy to use.

Linux Mint includes it on their Live USB (aka MintStick). I always make sure to have a MintStick on hand. Works with any Ubuntu derived distro.

I believe that Boot-Repair provides an ISO for their own bootable USB but I prefer my MintStick.
bonkmaykr Aug 26
Quoting: soulsource
Quoting: Claude_LibI have Windows on a separate drive for rare occasions when I need it. The only clue two systems have about each other's existence is that Windows messes up the clock because I keep forgetting to set the RealTimeIsUniversal registry key.
This update might break exactly such setups. The list of revoked keys is stored in an EFI variable (-> mainboard memory), and if Windows is unaware that there is a Linux installation, it will happily update that list - making Secure Boot prevent the execution of GRUB versions signed with the now-revoked keys.
I actually remember there being something about this previously around the time Windows 11 first leaked, where there was some concern that Microsoft was going to force OEMs to keep secure boot enabled with no opt-out, and then since the secure boot keys are only their keys by default you don't really have a way to move off of Windows any longer. It didn't end up going that route, or if it ever does, at least not as soon as some of us expected.


Last edited by bonkmaykr on 26 August 2024 at 7:32 am UTC
Quoting: bonkmaykr
Quoting: soulsource
Quoting: Claude_LibI have Windows on a separate drive for rare occasions when I need it. The only clue two systems have about each other's existence is that Windows messes up the clock because I keep forgetting to set the RealTimeIsUniversal registry key.
This update might break exactly such setups. The list of revoked keys is stored in an EFI variable (-> mainboard memory), and if Windows is unaware that there is a Linux installation, it will happily update that list - making Secure Boot prevent the execution of GRUB versions signed with the now-revoked keys.
I actually remember there being something about this previously around the time Windows 11 first leaked, where there was some concern that Microsoft was going to force OEMs to keep secure boot enabled with no opt-out, and then since the secure boot keys are only their keys by default you don't really have a way to move off of Windows any longer. It didn't end up going that route, or if it ever does, at least not as soon as some of us expected.
Yeah, I remember that worry. I suspect if Linux was only desktop Linux, it might have happened. But Linux on server is too big and essential, a lot of big companies would not have sat still for MS trying to cut them off on that side.
I've got 99 problems but Windows isn't one.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register