this post was submitted on 22 Aug 2024
153 points (96.9% liked)

Linux

48328 readers
659 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Follow up to: “Something has gone seriously wrong,” dual-boot systems warn after Microsoft update

SBAT was developed collaboratively between the Linux community and Microsoft, and Microsoft chose to push a Windows update that told systems not to trust versions of grub with a security generation below a certain level. This was because those versions of grub had genuine security vulnerabilities that would allow an attacker to compromise the Windows secure boot chain, and we've seen real world examples of malware wanting to do that (Black Lotus did so using a vulnerability in the Windows bootloader, but a vulnerability in grub would be just as viable for this). Viewed purely from a security perspective, this was a legitimate thing to want to do.

...

The problem we've ended up in is that several Linux distributions had not shipped versions of grub with a newer security generation, and so those versions of grub are assumed to be insecure (it's worth noting that grub is signed by individual distributions, not Microsoft, so there's no externally introduced lag here). Microsoft's stated intention was that Windows Update would only apply the SBAT update to systems that were Windows-only, and any dual-boot setups would instead be left vulnerable to attack until the installed distro updated its grub and shipped an SBAT update itself. Unfortunately, as is now obvious, that didn't work as intended and at least some dual-boot setups applied the update and that distribution's Shim refused to boot that distribution's grub.

...

The outcome is that some people can't boot their systems. I think there's plenty of blame here. Microsoft should have done more testing to ensure that dual-boot setups could be identified accurately. But also distributions shipping signed bootloaders should make sure that they're updating those and updating the security generation to match, because otherwise they're shipping a vector that can be used to attack other operating systems and that's kind of a violation of the social contract around all of this.

you are viewing a single comment's thread
view the rest of the comments
[–] CrabAndBroom@lemmy.ml 78 points 3 months ago (3 children)

It's funny how often Microsoft manages to accidentally do things that just happen to make life more difficult for Linux users. They sure do seem to have bad luck with that.

[–] aksdb@lemmy.world 30 points 3 months ago

They also fuck over their own OS. I don't think they deliberately broke dual boot installs, they simply don't put enough effort in QA. (See their recent problems with BitLocker after an update. Or that one update that fails because some internal partition is too small. And so on.)

[–] superkret@feddit.org 27 points 3 months ago* (last edited 3 months ago) (1 children)

I don't think Microsoft cares that much anymore. The OS wars are over.
Every Windows now ships with a one-button Linux installer.
Powershell has default aliases so you can use bash commands for basic stuff.
Microsoft is one of the top contributors to the Linux kernel.
They provide documentation on how to install Linux.
They have published a Linux distro.

They don't care cause that's not where they make their money. Their focus is on keeping their market dominance in Office, Exchange and AD, or M365, Exchange Online and Entra, respectively (all of which can be accessed from Linux). With those products, they can basically demand a tax of ~$20-30/month/employee from every business in the world.

[–] DeceasedPassenger@lemmy.world 22 points 3 months ago

Let's not forget this is the same company that invented 'Embrace, Extend, Extenguish' as a guiding business model behind closed doors. For me, that trust is broken until proven otherwise.

[–] ExtremeDullard@lemmy.sdf.org 19 points 3 months ago (1 children)

In fairness, anybody who dual-boots invites Microsoft to apply their legendary incompetence to their entire system. And so while I understand that dual-booting is (still, sadly) a totally valid need, people who set up their system for dual-boot kind of make life more difficult for themselves. Microsoft is just being Microsoft here.

[–] jh29a@lemmy.blahaj.zone 1 points 2 months ago

use totally ancient linux distribution to run virtual machines!