For the past nine months, Windows/Linux dual-boot systems have been unable to function due to the blocking of bootloaders vulnerable to a critical vulnerability.
As Microsoft itself explains in the Patch Tracker, the deployment of the security patch(KB5041160) had caused a substantial problem for many Windows/Linux dual-boot enthusiasts. In many cases, the dual-boot was simply no longer functional, with an error message like " Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation ". A problem which is already annoying, but which also had the bad taste to last, since it dates back to August 2024!
Microsoft has now confirmed, with the KB5058385 update of May 13, that the bug is now a thing of the past. The patch has been integrated into this update, which was rolled out a few days ago and enables a functional reboot, without the need for any other operation. It should be noted that the patch resolves the problem on all systems that were affected, i.e. Windows 10, Windows 11 and Windows Server. As Microsoft points out, it " corrects the undesirable effects of the SBAT update ".
Last August's KB5041160 update was not designed to mess up multi-boot configurations. It was aimed at blocking bootloaders vulnerable to a critical GRUB2 flaw (CVE-2022-2601). The problem was that on some Linux distributions - which would explain why not all dual-boot users were affected - the corrected version of GRUB2 had not been integrated or, what amounts to practically the same thing, had not been signed by Microsoft. As a result, the Secure Boot process could no longer function correctly. Microsoft was slow to react - to say the least - but it was clearly not the only party at fault.
