Over the past year, a considerable number of users who used dual-boot systems between Windows and Linux have experienced significant difficultiesThis issue arose after a Windows security update Microsoft released in August 2024, which caused numerous computers to no longer boot properly into Linux when Secure Boot was enabled. Those affected encountered messages such as “SBAT self-check failed: Security Policy Violation”, preventing normal access to the Linux operating system.
The origin of the failure was the implementation of Secure Boot Advanced Targeting (SBAT), a feature intended to increase protection by blocking older or insecure boot loaders. In theory, this setting was not supposed to affect computers that were detected as dual-booting, but some custom dual-boot configuration methods were not recognized, and the block was still applied. As a result, popular Linux distributions such as Ubuntu, Debian, Mint, Zorin OS, and Puppy Linux were affected on systems with Windows 10, 11, and various versions of Windows Server.
Microsoft and a lengthy repair process
After the first complaints and reports from users, Microsoft was quick to acknowledge the existence of the problem, although the definitive solution did not arrive until May of 2025, almost nine months later. During that time, the company offered various workarounds, ranging from manually removing the offending SBAT setting to modifying the Windows registry using specific commands—a process that isn't easy for less experienced users.
Among the recommendations to mitigate the problem, Microsoft even suggested running a command like reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORDThis modification helped prevent future updates from continuing to block Linux boot, but it did not resolve the underlying issue for everyone affected.
Key updates and affected systems
The definitive solution has been implemented in several Security updates released on May 13, 2025, identified with codes such as KB5058405 and KB5058385, depending on the version of Windows used. These patches have restored normal dual-boot functionality to systems that suffered from the bug. The affected versions include Windows 11 (23H2, 22H2, 21H2), Windows 10 (21H2), and various editions of Windows Server from 2012 onwards.
Users don't need to take any additional steps in most cases, as the update is distributed automatically through Windows Update. Although some users have reported isolated issues, such as the BitLocker recovery key prompt appearing on certain Windows 10 installations, Microsoft has not yet acknowledged these cases as a widespread problem.
Why it happened and what has changed
The ruling arose because dual boot detection It didn't cover all the possible ways a Linux system could be installed alongside Windows. Thus, the SBAT check was applied indiscriminately, even blocking legitimate bootloaders. The company has adjusted the logic behind this mechanism to better identify dual-boot environments and allow both operating systems to function properly.
Thanks to the latest patches, updates from September 2024 onwards They no longer contain the parameters that caused the crash, and installing the latest versions of Windows should ensure smooth coexistence between Windows and Linux on computers with Secure Boot enabled.
This episode has highlighted the need to pay more attention to users who opt for hybrid solutions and the importance of thoroughly testing security mechanisms that may affect less conventional, but still very common, configurations.
