• Nick@lemmy.world
    upvotes: 8 · 7 months ago

    So they were trying to patch systems that use GRUB for Windows-only installs? What a load of BS. Why would anybody install GRUB to boot only Windows with that? Or am I overlooking something?

    Furthermore, if GRUB has a security issue, they should’ve contributed a patch at the source instead of patching it themselves somehow. I’m a bit stunned at the audacity of touching unmounted filesystems in an OS patch. Good thing Windows still doesn’t include EXT4 and BTRFS drivers because they might start messing with unencrypted Linux system drives at this rate

    • Skull giver@popplesburger.hilciferous.nl
      upvotes: 6 · 7 months ago

      They updated the system key store to invalidate known vulnerable boot configurations. One of those configurations was old versions of Grub, which had a pre-boot exploit a couple of years ago.

      The issue has already been patched for years, but it appears some Linux distros never bothered to update their system configuration. Not sure if this is a shortcoming of Grub or one of the distro maintainers that were affected, though.

      In fact, Microsoft tried to not apply this patch on dual boot systems, leaving them vulnerable but working, but clearly their detection failed. I think their detection required chainloading the Windows bootloader or something?

      Either way, the only Linux file that Windows will ever touch with updates is the “fallback for when the boot configuration is completely fucked” bootloader, which both Linux and Windows overwrite after installation, in case the boot configuration gets completely fucked. If you’re relying on that bootloader, you were always going to get fucked by some update eventually; either your installation failed or your motherboard is broken.

      • murtaza64@programming.dev
        upvotes: 1 · 7 months ago

        What is that latter fallback called? I set up my boot manually using an EFI stub last time I installed arch but wasn’t aware of any fallback bootloader

        • Skull giver@popplesburger.hilciferous.nl
          upvotes: 1 · 7 months ago

          I don’t know what systemd-boot does, but the normal way to install a bootloader is to copy an efi file to the right folder (/EFI/archlinux/grubx64.efi or whatever) and register the bootloader in the boot configuration store. This allows you to pick the OS from a list by hitting the boot menu key for your device (f8/f12 usually I think?) rather than having to rely on something like systemd-boot or Grub to list all of your operating systems. This way, you can also boot UKIs and other Linux kernels compiled to simple EFI files, without ever even touching an independent bootloader.

          As a fallback, both Windows and some Linux bootloaders copy their files to the /EFI/Boot/bootx64.efi directory. This makes the drive bootable in cases where the boot configuration store is broken, or if the drive wasn’t hooked up to the same motherboard when the installation was done. This is particularly important for installer drives, because you don’t want to add a boot entry to your motherboard for every installer you plug in.

          The downside of this fallback file is that it’s just one single file in a preset directory, like the MBR of old. Some motherboards come with a file browser to select the EFI application you want to boot, but many will just give you a boot menu and nothing more. Because it’s a single file, that bootloader can either be Windows or it can be Linux. This isn’t a problem normally, but on broken motherboards this can render a system Windows-bootloader only or Linux-bootloader only. You can add both Linux and Windows to either, but the file being booted is always the last one that got updated.

          There’s also a weird edge case for when you install Linux on a GPT disk from CSM mode, where the GPT disk will have an MBR. That makes the Linux system incapable of using any UEFI features and it has the same problem: if Windows puts its bootloader there, the drive will boot Windows.

          As for bootloaders themselves, you generally only install one (though there’s nothing preventing you from installing both and having both be bootable, because they’re just entries in the UEFI menu!). If you want, you can install bootable Linux kernels as well, without any bootloader, though those don’t let you pick your boot options.
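
Added example (not part of the thread): a read-only check, run from Linux, of which installed loader currently sits in the fallback path described in the comment above. It assumes the ESP is mounted and its mount point is passed as the first argument; the function names are made up for this illustration.

```sh
#!/bin/sh
# Added example, read-only: report which installed loader currently occupies
# the UEFI fallback path (EFI/BOOT/BOOTX64.EFI) on an EFI system partition.
# Assumption: the ESP is mounted; pass its mount point (e.g. /boot/efi).

# Print the fallback loader's path. Matching is case-insensitive because the
# ESP is FAT and installers write the path in different cases.
find_fallback() {
    find "${1%/}" -type f -ipath '*/efi/boot/bootx64.efi' | sort | head -n 1
}

# Print (relative to the ESP) every other .efi file whose SHA-256 equals the
# fallback's, i.e. the loader(s) the fallback is a byte-for-byte copy of.
# Returns 1 when the ESP has no fallback loader at all.
fallback_owner() {
    esp=${1%/}
    fb=$(find_fallback "$esp")
    [ -n "$fb" ] || return 1
    want=$(sha256sum "$fb" | cut -d' ' -f1)
    find "$esp" -type f -iname '*.efi' | sort | while IFS= read -r f; do
        if [ "$f" != "$fb" ] &&
           [ "$(sha256sum "$f" | cut -d' ' -f1)" = "$want" ]; then
            printf '%s\n' "${f#"$esp"/}"
        fi
    done
}

# Human-readable summary for one ESP.
fallback_report() {
    if ! owners=$(fallback_owner "$1"); then
        echo "no fallback loader found under $1"
        return 1
    fi
    if [ -n "$owners" ]; then
        echo "fallback loader is a copy of:"
        echo "$owners"
    else
        echo "fallback loader matches no other loader on this ESP"
    fi
}

if [ "$#" -gt 0 ]; then
    fallback_report "$1"
fi
```

Running it before and after an OS update shows whether the fallback file changed hands; an empty match means the fallback is a stale or foreign binary that no installed OS maintains.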

    • umbrella@lemmy.ml
      upvotes: 3 · 7 months ago

      lol they fuck with my BIOS boot settings to the point i had to password it. they are that bad.

    • Random Dent@lemmy.ml
      English · upvotes: 1 · 7 months ago

      In the mind of Microsoft, Windows is the only OS and all things on computers exist to facilitate Windows.

    • DacoTaco@lemmy.world
      upvotes: 0 · downvotes: 1 · 7 months ago

      I agree they should have sent a patch to the grub source, but keep in mind big software companies like Microsoft, Verizon, … do not allow software developers to send a patch or PR to open source projects. This is because in their contract it states that all code written on and during company time is owned by the company. This means that it is impossible for them to make a patch or PR because it would conflict with the project’s licence and the fact it’s open source.

      It’s a terrible thing, and it shouldn’t be, but that’s the fact of the world atm.

        • DacoTaco@lemmy.world
          upvotes: 1 · 7 months ago

          Yes, but not all devs within microsoft are allowed to work on non-ms foss projects. I assume wsl devs are allowed to send stuff to linux but visual studio devs probably are not.

      • tired_n_bored@lemmy.world
        upvotes: 0 · 7 months ago

        Not true. A lot of commonly known closed source companies contribute to open source software, including Linux and BSD

        • DacoTaco@lemmy.world
          upvotes: 1 · 7 months ago (edited)

          And not every team is allowed to do that.
          Also, you’re telling somebody who has worked with big companies not allowing it in their employer contract that he is lying? Riiiight…
          A lot of Google devs also are not allowed to do any Linux work outside of work without explicit permissions. Development rights are an absolute mess, legally.
          I usually don’t care and do what is right, but I have gotten in trouble for it.

          • tired_n_bored@lemmy.world
            upvotes: 0 · 7 months ago

            I’m not saying you’re lying, but you said

            do not allow software developers to send a patch or PR to open source projects.

            But this sentence in particular was misleading. Maybe you specifically did not have the right to do so, but in the Linux and BSD codebases there are a lot of @microsoft @netflix @oracle contributions, so at least there is someone in those companies authorized to do so

            • DacoTaco@lemmy.world
              upvotes: 0 · 7 months ago

              Fair, and I’ll edit my post accordingly!

              There are teams that are allowed, and within those companies are teams that are directly related to FOSS projects because those companies are in the foundation or supporters of the foundation. However, that doesn’t mean every (product) team in the company is allowed to or that they can do or change whatever they like. It’s a complex mess.

  • slembcke@lemmy.ml
    upvotes: 5 · 7 months ago

    Doesn’t Windows break dual booting semi-regularly? I’ve always avoided it as I’ve had friends get burned by this in the past. I guess I just keep different OSes on different drives, but that obviously isn’t feasible for everyone.

    • NauticalNoodle@lemmy.ml
      upvotes: 2 · 7 months ago (edited)

      I know that used to be the case. It’s why I stopped trying to use a dual-booting system and instead just installed windows in Virtualbox.

  • Phoenixz@lemmy.ca
    upvotes: 5 · 7 months ago (edited)

    Remove your Microsoft installation, done.

    Yes but…

    But what? This is Microsoft, they fucked it up so many times that it’s either incompetence or sabotage, and knowing Microsoft, it’s probably both.

    This is the same company that invested millions to sabotage Linux through the legal system (hello SCO), and the same company that on purpose left gaping security holes open as to not lose any money, causing China to hack the US government through said holes.

    Then we decide that just that money isn’t enough so we’ll spy on you at every step of the way, we will force feed you ads, and we’ll use you to train our shitty AI

    Frack Microsoft, frack any and all of their software.

  • merthyr1831@lemmy.world
    upvotes: 4 · 7 months ago

    This is a regular occurrence and honestly we need to stop recommending dual boot. Use separate drives if you need to, but sharing the same drive is destined to brick something

    • Amju Wolf@pawb.social
      English · upvotes: 1 · 7 months ago

      I don’t think dual boot has ever been a good solution (unless you also run one or both of the OS’s under the other in a VM).

      Like, if you are unsure about linux, trying it out, learning, whatever, you can just boot a live"cd", or maybe install it on an external (flash) drive.

      If you are kinda sure you want to switch, just nuke Windows; it’s easier to switch that way than to have everything on two systems, having to switch.

      • kameecoding@lemmy.world
        upvotes: 0 · 7 months ago

        That is until you want to switch and use mostly linux, but you have friends who want to play one of those few games that only works on windows

        • Freefall@lemmy.world
          upvotes: 0 · 7 months ago

          The second Windows isn’t the only option for “all games without any effort”, it will be dead.

          • kameecoding@lemmy.world
            upvotes: 0 · 7 months ago

            Well, I believe it already is for the majority of games, though I don’t game anymore so I don’t know; Proton wasn’t 100% a year or two back.

            • Wildly_Utilize@infosec.pub
              English · upvotes: 1 · 7 months ago

              I recently moved from proton to a W11 KVM with my 4080 passed through.

              Unfortunately those hostile GAAS probably would be able to detect and block you (I don’t play those games)

            • maniii@lemmy.world
              English · upvotes: 1 · 7 months ago

              I’ve been on Steam+Proton for more than 3 years now. So many many games are now supported. It is usually the DRM kernel anti-cheats that are Windoze only that tend to be the broken ones. I don’t buy or care about games that run anti-cheat in the Windoze kernel.

    • Petter1@lemm.ee
      upvotes: 0 · 7 months ago

      But having 2 drives does not solve the boot loading issue, I mean, even if you have two drives, you still have only one bootloader, not?

      • Bitrot@lemmy.sdf.org
        English · upvotes: 1 · 7 months ago (edited)

        No. You can have more than one EFI system partition with separate bootloaders on each drive and set their boot order in the BIOS, just like booting from USB or anything else.

        This is also possible with just one drive. The efi boot entries for each OS are stored separately in the efi system partition.

        • non_burglar@lemmy.world
          upvotes: 2 · 7 months ago

          EFI can also live in firmware memory.

          You can pull the linux drive, boot from the windows drive, and if one of the firmware updates was for efi, windows will trash the entry for your Linux disk.

          This has happened for me many times, I had to use a grub rescue disk to rebuild the efi table.

      • Metz@lemmy.world
        English · upvotes: 1 · 7 months ago (edited)

        You can have a separate EFI partition per drive (and on it whatever bootloader you want). You then need to use the UEFI boot menu if you want to e.g. boot the Windows one. If you have 2 different OSes on different drives they should never interfere with each other.

        Well, I mean you could of course use the Linux boot manager to then forward to the Windows boot manager on the other disk, but I never experimented with that.

      • CeeBee_Eh@lemmy.world
        upvotes: 0 · 7 months ago

        even if you have two drives, you still have only one bootloader, not?

        The idea is to have completely separate boot and OS drives. You select which one you want to boot through the BIOS boot selection (ie. pressing F10 or F11 at the BIOS screen).

        This functionally makes each OS “unaware” of the other one.

        • Phoenixz@lemmy.ca
          upvotes: 0 · 7 months ago

          Oh you sweet sweet summer boy…

          We’re talking Microsoft here, they’ll make sure they’re aware and they’ll make sure to f you over because Microsoft

          • CeeBee_Eh@lemmy.world
            upvotes: 1 · 7 months ago

            While I generally agree with that, that’s not what seems to be happening here. What seems to be happening is that anyone who boots Windows via grub is getting grub itself overwritten.

            When you install Linux, boot loaders like grub generally are smart and try to be helpful by scanning all available OSes and provide a boot menu entry for those. This is generally to help new users who install a dual-boot system and help them not think that “Linux erased Windows” when they see the new grub boot loader.

            When you boot Windows from grub, Windows treats the drive with grub (where it booted from) as the boot drive. But if you tell your BIOS to boot the Windows drive, then grub won’t be invoked and Windows will boot seeing its own drive as the boot drive.

            This is mostly an assumption as this hasn’t happened to me and details are still a bit scarce.

        • WolfLink@sh.itjust.works
          upvotes: 0 · downvotes: 1 · 7 months ago

          Unfortunately it really doesn’t. And it’s actually Linux that’s the bigger problem: whenever it decides to update GRUB it looks for OSes on all of your drives to make grub entries for them. It also doesn’t necessarily modify the version of grub on the booted drive.

          Yes I’m sure there’s a way to manually configure everything perfectly but my goal is a setup where I don’t have to constantly manually fix things.

  • uebquauntbez@lemmy.world
    upvotes: 1 · 7 months ago

    Microsoft! You missed your last chance to stay on my computers with your os. Take care, so long and thanks for all the cons.

  • StaySquared@lemmy.ml
    English · upvotes: 1 · 7 months ago

    Semi-O/T: I feel Microsoft is such a violation of personal security that I would not dual boot anything with Windows. I forget exactly what happened (the details), but I remember when I had upgraded my desktop from Win7 Pro to W10 Pro from the free upgrade feature, it broke the MBR/GRUB… from that day on, I’ve kept my OS completely separated by device.

    If it’s just sandboxing / VMs, that’s whatever, not sweating that at all.