Microsoft Addresses Booting Challenges on Dual-Boot Windows and Linux Environments


Microsoft has addressed a significant issue that was preventing Linux from booting on dual-boot systems where Secure Boot was enabled, following the installation of the August 2024 Windows security updates. The affected systems include those operating with client versions like Windows 10 and Windows 11, as well as server editions from Windows Server 2012 onward.

The boot failure is attributed to a Secure Boot Advanced Targeting (SBAT) update which was specifically designed to block UEFI shim bootloaders vulnerable to exploits, such as the CVE-2022-2601 GRUB2 Secure Boot bypass. Despite Microsoft’s assurances that devices with dual-boot configurations would not receive this SBAT update, the detection mechanism faltered, inadvertently resulting in its application to certain customized dual-boot setups.

Numerous reports from the Linux community indicated that users across various distributions—including Ubuntu, Zorin OS, Linux Mint, and Puppy Linux—experienced boot failures characterized by the error message: “Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” Microsoft's acknowledgment came after extensive user feedback highlighting the problem.
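The following is an added example, not code from Microsoft or the shim project, showing the generation comparison that produces the "SBAT self-check failed" error. It assumes the CSV layout documented in shim's SBAT.md; the revocation levels and shim metadata are constructed sample values, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample: a revocation level as stored in the firmware SBAT variable.
# The first line is the SBAT header with a datestamp; the rest are component,min_generation.
SAMPLE_REVOCATIONS = "sbat,1,2024010100\nshim,4\ngrub,3\n"

# Constructed sample: the .sbat section of an older shim binary
# (component,generation,vendor,package,version,url).
SAMPLE_OLD_SHIM = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "shim,3,UEFI shim,shim,1,https://github.com/rhboot/shim\n"
    "shim.example,1,Example Distro,shim,15.7,https://distro.example/shim\n"
)
SAMPLE_NEW_SHIM = SAMPLE_OLD_SHIM.replace("shim,3,", "shim,4,")


def parse_generations(text):
    """Return {component: generation} from SBAT CSV; works for both layouts."""
    levels = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[1].strip().isdigit():
            continue  # skip blank or malformed lines
        levels[row[0].strip()] = int(row[1])
    return levels


def sbat_violations(image_sbat, revocations):
    """List (component, image_gen, required_gen) for each revoked component."""
    required = parse_generations(revocations)
    image = parse_generations(image_sbat)
    return [
        (name, gen, required[name])
        for name, gen in sorted(image.items())
        if name in required and gen < required[name]
    ]


def self_check(image_sbat, revocations):
    """Mimic the outcome of the check: pass only if no component is revoked."""
    bad = sbat_violations(image_sbat, revocations)
    for name, have, need in bad:
        print(f"{name}: generation {have} < required {need}")
    return "Security Policy Violation" if bad else "OK"


if __name__ == "__main__":
    print("old shim:", self_check(SAMPLE_OLD_SHIM, SAMPLE_REVOCATIONS))
    print("new shim:", self_check(SAMPLE_NEW_SHIM, SAMPLE_REVOCATIONS))
```

A component that does not appear in the revocation list, such as the vendor-specific `shim.example` entry here, is not compared at all, which is why only the upstream `shim` line causes the failure.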

Resolution Timeline

After confirming the issue, Microsoft announced that the security updates released on May 13, 2025, would rectify the boot complications for all impacted users. The company emphasized the importance of installing the latest updates, which include critical improvements and resolutions for previously identified issues.

Prior to the permanent fix, Microsoft provided a temporary workaround in late August. This involved deleting the problematic SBAT update and preventing subsequent automatic installations of similar updates. Additionally, on September 19, Microsoft ceased the automatic application of the controversial SBAT update, advising users who wished to avoid future issues to execute a specific registry command:

```
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD
```

Microsoft clarified that this issue was exclusive to the installations of the August 2024 security and preview updates, assuring users that subsequent updates, starting from September 2024 and onwards, would not retain the settings that led to the complication.

This diligent response demonstrates Microsoft’s commitment to addressing security concerns and ensuring the seamless operation of dual-boot systems.