It is a time for a single linux boot.
I never did dual boot. The first time moving from windows 2000 to Linux, my hard drive was only 2 GB and I couldn’t fit both of the OS:es on it, so I nuked the windows one.
At one point my 1GB disk was the “big one” in the dorm. It was the windows share of some random media. I had room for the whole 40MB videos “Jesus vs Frosty” (The Spirit of Christmas) and “Jesus vs Santa Claus”. It was before South Park became an actual show, but people watched those 100’s of times off my hard drive.
When I bought a 3GB from Fry’s it was an open question how we’d fill it. Of course, that was just as the mp3 codec started to gain traction… Problem solved.
That is freedom.
So they were trying to patch systems that use GRUB for Windows-only installs? What a load of BS. Why would anybody install GRUB to boot only Windows with that? Or am I overlooking something?
Furthermore, if GRUB has a security issue, they should’ve contributed a patch at the source instead of patching it themselves somehow. I’m a bit stunned at the audacity of touching unmounted filesystems in an OS patch. Good thing Windows still doesn’t include EXT4 and BTRFS drivers because they might start messing with unencrypted Linux system drives at this rate.
They updated the system key store to invalidate known vulnerable boot configurations. One of those configurations was old versions of Grub, which had a pre-boot exploit a couple of years ago.
The issue has already been patched for years, but it appears some Linux distros never bothered to update their system configuration. Not sure if this is a shortcoming of Grub or one of the distro maintainers that were affected, though.
In fact, Microsoft tried to not apply this patch on dual boot systems, leaving them vulnerable but working, but clearly their detection failed. I think their detection required chainloading the Windows bootloader or something?
Either way, the only Linux file that Windows will ever touch with updates is the “fallback for when the boot configuration is completely fucked” bootloader, which both Linux and Windows overwrite after installation, in case the boot configuration gets completely fucked. If you’re relying on that bootloader, you were always going to get fucked by some update eventually; either your installation failed or your motherboard is broken.
What is that latter fallback called? I set up my boot manually using an EFI stub last time I installed arch but wasn’t aware of any fallback bootloader
I don’t know what systemd-boot does, but the normal way to install a bootloader is to copy an efi file to the right folder (/EFI/archlinux/grubx64.efi or whatever) and register the bootloader in the boot configuration store. This allows you to pick the OS from a list by hitting the boot menu key for your device (f8/f12 usually I think?) rather than having to rely on something like systemd-boot or Grub to list all of your operating systems. This way, you can also boot UKIs and other Linux kernels compiled to simple EFI files, without ever even touching an independent bootloader.
As a fallback, both Windows and some Linux bootloaders copy their files to the /EFI/Boot/bootx64.efi directory. This makes the drive bootable in cases where the boot configuration store is broken, or if the drive wasn’t hooked up to the same motherboard when the installation was done. This is particularly important for installer drives, because you don’t want to add a boot entry to your motherboard for every installer you plug in.
The downside of this fallback file is that it’s just one single file in a preset directory, like the MBR of old. Some motherboards come with a file browser to select the EFI application you want to boot, but many will just give you a boot menu and nothing more. Because it’s a single file, that bootloader can either be Windows or it can be Linux. This isn’t a problem normally, but on broken motherboards this can render a system Windows-bootloader only or Linux-bootloader only. You can add both Linux and Windows to either, but the file being booted is always the last one that got updated.
There’s also a weird edge case for when you install Linux on a GPT disk from CSM mode, where the GPT disk will have an MBR. That makes the Linux system incapable of using any UEFI features and it has the same problem: if Windows puts its bootloader there, the drive will boot Windows.
As for bootloaders themselves, you generally only install one (though there’s nothing preventing you from installing both and having both be bootable, because they’re just entries in the UEFI menu!). If you want, you can install bootable Linux kernels as well, without any bootloader, though those don’t let you pick your boot options.
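An added example, not part of the thread: a shell function that reports which installed loader on the EFI system partition the single fallback file described above is a byte-for-byte copy of, i.e. which OS claimed it last. The sample tree and its file contents are constructed, the `EFI/Microsoft/Boot/bootmgfw.efi` path is the usual Windows loader location rather than something quoted in the thread, and on a real system you would pass your own ESP mount point (assumed to be something like /boot/efi).

```shell
#!/bin/sh
# Added example: find out which installed loader the UEFI fallback file
# (EFI/Boot/bootx64.efi) is a copy of. Read-only: it only hashes files.

# Print only the SHA-256 digest of a file.
efi_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# fallback_owner ESP_ROOT
#   prints "none"    if there is no fallback loader,
#          "unknown" if no other .efi file on the ESP has the same content,
#          otherwise the relative path(s) of the matching loader(s).
# Runs in a subshell (parentheses) so the cd does not leak to the caller.
fallback_owner() (
    cd "$1" || exit 2
    # FAT is case-insensitive, so EFI/BOOT/BOOTX64.EFI and EFI/Boot/bootx64.efi
    # are the same file on a real ESP; match any casing.
    fb=$(find . -maxdepth 3 -type f -ipath './efi/boot/bootx64.efi' | head -n 1)
    if [ -z "$fb" ]; then
        echo "none"
        exit 0
    fi
    fb_hash=$(efi_hash "$fb")
    # Compare the fallback against every other EFI binary on the partition.
    matches=$(find . -type f -iname '*.efi' | LC_ALL=C sort |
        while IFS= read -r f; do
            if [ "$f" != "$fb" ] && [ "$(efi_hash "$f")" = "$fb_hash" ]; then
                printf '%s\n' "${f#./}"
            fi
        done)
    if [ -n "$matches" ]; then
        printf '%s\n' "$matches"
    else
        # The fallback was written by something no longer present, or the
        # installed loader was updated without refreshing the fallback copy.
        echo "unknown"
    fi
)

# Build a constructed ESP layout for the demo: one Windows loader, one GRUB
# loader, and a fallback that Windows overwrote last. Contents are dummies.
make_sample_esp() {
    mkdir -p "$1/EFI/Microsoft/Boot" "$1/EFI/archlinux" "$1/EFI/Boot"
    printf 'constructed-windows-loader' > "$1/EFI/Microsoft/Boot/bootmgfw.efi"
    printf 'constructed-grub-loader' > "$1/EFI/archlinux/grubx64.efi"
    cp "$1/EFI/Microsoft/Boot/bootmgfw.efi" "$1/EFI/Boot/bootx64.efi"
}

demo=$(mktemp -d)
make_sample_esp "$demo"
echo "fallback is a copy of: $(fallback_owner "$demo")"
rm -rf "$demo"
```

A result of "unknown" on a real machine is worth a look after an OS update, since it means the fallback no longer matches any loader currently installed on that partition.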
Thanks for the detailed explanation, makes a lot of sense! I guess what I did was set up a UEFI entry that specifies the location of the Linux kernel without any intermediate bootloader. Pretty sure I didn’t set the fallback, so I’m guessing that’s still owned by windows.
Yes, I think you did. In that case, I don’t think Linux will claim the fallback loader entry. Windows doesn’t always copy its files there, so the file may not even exist. If that’s the case, you’ll only ever encounter the fallback paths on an installer/recovery disk.
In the mind of Microsoft, Windows is the only OS and all things on computers exist to facilitate Windows.
lol they fuck with my BIOS boot settings to the point i had to password it. they are that bad.
Grub has already been patched, that doesn’t mean distributions shipped it. SBAT broke systems that hadn’t been updated.
I agree they should have sent a patch to the grub source, but keep in mind big software companies like microsoft, Verizon, … do not normally allow their product teams to send a patch or PR to open source projects. This is because in their contract it states that all code written on and during company times is owned by the company. This means that it is impossible for them to make a patch or PR because it would conflict with the project’s licence and the fact it’s open source.
This changes when the team explicitly works on the foss product/project like the ms wsl team or the team working on linux supporting azure hardware, but that is an exception. I do not believe the microsoft kernel/bootloader team is allowed to send patches to grub. It’s a terrible thing, and it shouldn’t be, but that’s the fact of the world atm.
This means that it is impossible for them to make a patch or PR because it would conflict with the project’s licence and the fact it’s open source.
That’s not how it works. It just means the company owns the code for all intents and purposes, which also means that if they tell you that you can release it under a FOSS license / contribute to someone else’s project, you can absolutely do that (they effectively grant you the license to use “their” code that you wrote under a FOSS license somewhere else).
Not true. A lot of commonly known closed source companies contribute to open source software, including Linux and BSD
And not every team is allowed to do that.
Also, you’re telling somebody who has worked with big companies not allowing it in their employer contract that he is lying? Riiiight…
A lot of google devs also are not allowed to do any linux work outside of work without explicit permissions because of all the internal docs, teams and other work being done on linux from within google. Development rights is an absolute mess, legally.
I usually don’t care and do what is right, despite what my employer contract says, but i have gotten in trouble for it
I’m not saying you’re lying, but you said
do not allow software developers to send a patch or PR to open source projects.
But this sentence in particular was misleading. Maybe you specifically did not have the right to do so, but in the Linux and BSD codebases there are a lot of @microsoft @netflix @oracle contributions, so at least there is someone in those companies authorized to do so
Fair, and I’ll edit my post accordingly!
There are teams that are allowed, and within those companies are teams that are directly related to foss projects because those companies are in the foundation or supporters of the foundation. However, that doesn’t mean every (product) team in the company is allowed to or that they can do or change whatever they like. It’s a complex mess
Thank you for having brought us your experience!
They can forbid you to work on opensource stuff while being in free time? I mean, I understand that you are not allowed to generate open code that utilises private know how of the company you work for. But not working on Linux in free time seems very strange to me 😮
Edit: deleted wrong “Edit:”
Yeah if you write proprietary code and then work on a similar project in your spare time, your company might sue you because you’re likely reusing code you’ve seen or written at work.
For example Windows developers are forbidden from working on ReactOS
That’s just dual booting. That won’t work with the law if the contract says anything created using company hardware is theirs.
And yes, some companies need to give you a green light to work on projects in your free time, because they might have a team doing similar things somewhere, it might compete in something they would like to do in the future or like you said, might use company know how which is a huge nono. It’s bs imo, but those clauses and rules are found in some employment agreements.
Remember, always read your employment agreements!😂 edited the wrong post, lol
What? Microsoft have written and released and contributed to many open source projects - they created vscode for one. They are even one of the top contributors to the Linux kernel.
Yes, but not all devs within microsoft are allowed to work on non-ms foss projects. I assume wsl devs are allowed to send stuff to linux but visual studio devs probably are not.
They wrote and released VS Code - a completely opensource development environment. If they wanted to patch Grub I bet they could have found the permissions internally to do that. Microsoft is a lot more open to OSS contributions than they were in the past.
Not saying you’re wrong, but you took the wrong project as an example hehe.
Visual code is not open source. Its core is, but visual code isn’t. The difference is what visual code ships with, on top of its core.
It’s like saying chrome == chromium (it isn’t). Visual code comes with a lot of features, addins and other stuff that isn’t in the core.
.net debugger for example, is not found in vscodium (build of the vscode core). And there is more stuff i can’t think of now but have come across. Source: been using vscodium for a few months instead of vscode
Sure, my bad. But it does not change my point. They have released stuff as opensource even if not all of it. Which means they can if they want to.
I know, hence why i said you’re not wrong but the example was wrong :p
Also, it’s more complex than that. Some teams can, some can’t. And if they can it all depends on what project or context. The business world isn’t that cut and dry hehe
this changes nothing: microsoft should have sent a patch remains microsoft should have sent a patch; internal policies are irrelevant to actions affecting external projects
No surprises there, just the usual shit
°-° /|-👍 / \
That’s what happens when you don’t keep windows locked inside a virtual machine.
Microsoft breaks bootloader and nixes Linux partition
Microsoft: “patch seems to be working as intended”
This is a regular occurrence and honestly we need to stop recommending dual boot. Use separate drives if you need to, but sharing the same drive is destined to brick something
I literally got this error using a bootable SSD with Ubuntu Mate on it. Separate drives aren’t immune to the issue.
I think I’ve managed to avoid this by making the Linux drive my boot drive and by leaving the Windows drive untouched. (i.e. grub bootloader on the Linux drive, with option to boot to Windows as the second choice)
I’ve got the same setup 😎
same setup, haven’t had issues so far.
This isn’t true if you have a bootloader on each drive, which, I think, is what we’re talking about.
But having 2 drives does not solve the boot loading issue, I mean, even if you have two drives, you still have only one bootloader, not?
No. You can have more than one EFI system partition with separate bootloaders on each drive and set their boot order in the BIOS, just like booting from USB or anything else.
This is also possible with just one drive. The efi boot entries for each OS are stored separately in the efi system partition.
EFI can also live in firmware memory.
You can pull the linux drive, boot from the windows drive, and if one of the firmware updates was for efi, windows will trash the entry for your Linux disk.
This has happened for me many times, I had to use a grub rescue disk to rebuild the efi table.
The boot entries live in firmware yes, efibootmgr can create and remove them. They are pointers to the bootloader. Many systems can boot from the disk itself without the entry, the entry just makes it pretty (“Fedora” instead of NVME1).
I’m not exactly sure what you’re suggesting. Isn’t that more or less what I just said?
Somewhat. One, a system can be bootable without the entries because they are just pointers to the actual bootloader, so even if windows does the stupid and deletes them it isn’t the end of the world. It does depend on your specific firmware though.
Also two, you can write them again with a single line in efibootmgr, they’re just saying “if I click Fedora load the shim from the EFI system partition on disk 1”.
This is very different than the old world where windows would delete your bootloader entirely and the MBR couldn’t be easily explored. They live in the efi system partition instead - or at least the shim does- and typically every OS leaves the other ones alone (even Windows, except in this case, although it didn’t touch the shim itself).
The initial comment was about the bootloader and really only applies to MBR partitions.
even if you have two drives, you still have only one bootloader, not?
The idea is to have completely separate boot and OS drives. You select which one you want to boot through the BIOS boot selection (ie. pressing F10 or F11 at the BIOS screen).
This functionally makes each OS “unaware” of the other one.
Unfortunately it really doesn’t. And it’s actually Linux that’s the bigger problem: whenever it decides to update GRUB it looks for OSes on all of your drives to make grub entries for them. It also doesn’t necessarily modify the version of grub on the booted drive.
Yes I’m sure there’s a way to manually configure everything perfectly but my goal is a setup where I don’t have to constantly manually fix things.
My install does not seem to do this. I removed the windows drive when installing Linux on a new drive. Put both drives in and select which one to boot in the bios. It’s been that way for about a year and, so far, grub updates have never noticed the windows install nor added to grub.
That’s with bazzite, can’t speak for any other distro as that is the only dual-boot machine I own. Bazzite does mention they do not recommend traditional dual boot with the boot loader and recommend the bios method so maybe they have something changed to avoid that?
If you install each OS with its own drive as the boot device, then you won’t see this issue.
Unless you boot Windows via the grub boot menu. If you do that then Windows will see that drive as the boot device.
If you select the OS by using the BIOS boot selection then you won’t see this issue.
I was bitten by Windows doing exactly this almost 15 years ago. Since that day if I ever had a need for dual-boot (even if running different distros) each OS will get its own dedicated drive, and I select what I want to boot through the BBS (BIOS Boot Selection). It’s usually invoked with F10 or F11 (but could be a different key combo).
Oh you sweet sweet summer boy…
We’re talking Microsoft here, they’ll make sure they’re aware and they’ll make sure to f you over because Microsoft
While I generally agree with that, that’s not what seems to be happening here. What seems to be happening is that anyone who boots Windows via grub is getting grub itself overwritten.
When you install Linux, boot loaders like grub generally are smart and try to be helpful by scanning all available OSes and provide a boot menu entry for those. This is generally to help new users who install a dual-boot system and help them not think that “Linux erased Windows” when they see the new grub boot loader.
When you boot Windows from grub, Windows treats the drive with grub (where it booted from) as the boot drive. But if you tell your BIOS to boot the Windows drive, then grub won’t be invoked and Windows will boot seeing its own drive as the boot drive.
This is mostly an assumption as this hasn’t happened to me and details are still a bit scarce.
I did that and a Windows update nuked Linux from the BIOS boot loader a few weeks ago.
The only safe option is to have completely separate machines. Thankfully with the rise of ridiculously powerful minipcs that’s easier than ever.
You can have a own EFI partition per Drive (and on it whatever bootloader you want). You then need to use the UEFI boot menu if you want e.g. boot the Windows one. If you have 2 different OS on different drives they should never interfere with each other.
Well, i mean you could of course use the Linux Bootmanager to then forward to the Windows boot manager on the other disk. but i never experimented with that.
I just learned that you can do this setup even on one drive alone (having two bootloaders on one drive in two partitions and choosing in UEFI/Legacy BIOS)
I don’t think dual boot has ever been a good solution (unless you also run one or both of the OS’s under the other in a VM).
Like, if you are unsure about linux, trying it out, learning, whatever, you can just boot a live"cd", or maybe install it on an external (flash) drive.
If you are kinda sure you want to switch, just nuke Windows; it’s easier to switch that way than to have everything on two systems, having to switch.
That is until you want to switch and use mostly linux, but you have friends who want to play one of those few games that only works on windows
The second windows isn’t the only option for “all games without any effort”, it will be dead.
Well i believe it already is for the majority of games, though I don’t game anymore so I don’t know, proton wasn’t 100% a year or two back
I’ve been on Steam+Proton for more than 3 years now. So many many games are now supported. It is usually the DRM kernel anti-cheats that are Windoze only tend to be the broken ones. I don’t buy or care about games that run anti-cheat in Windoze kernel.
Doesn’t Windows break dual booting semi-regularly? I’ve always avoided it as I’ve had friends get burned by this in the past. I guess I just keep different OSes on different drives, but that obviously isn’t feasible for everyone.
I know that used to be the case. It’s why I stopped trying to use a dual-booting system and instead just installed windows in Virtualbox.
Yeah, it did get me to stop also a dual boot with Linux. I’m mostly Windows, so I’ve just used Linux in VMs.
WSL?
Legit have never had an issue with multi boot and windows like ever, tbf I don’t go into windows that frequently anymore but it’s never given me grief in at least a decade. I know my experience isn’t universal though, so sorry to anyone who does have boot issues after windows updates.
In the worst case, could use bcdedit and use the windows boot loader (tbh I have no idea if that works here, but could be worth a try)
It’s a lot better in uefi, MBR dual booting was always sort of hacky.
I have dualboot set-up on my MacBook and have no. But it is a long time ago, since I last started macOS and my Mac would not get new macOS updates anyway😂 that was the reason to install Linux in the first place 😝
Remove your Microsoft installation, done.
Yes but…
But what? This is Microsoft, they fucked it up so many times that it’s either incompetence or sabotage, and knowing Microsoft, it’s probably both.
This is the same company that invested millions to sabotage Linux through the legal system (hello sco), and the same company that on purpose left gaping security holes open as to not lose any money, causing China to hack the US government through said holes.
Then we decide that just that money isn’t enough so we’ll spy on you at every step of the way, we will force feed you ads, and we’ll use you to train our shitty AI
Frack Microsoft, frack any and all of their software.
If you need to dual boot, be sure to use separate EFI partitions for windows and Linux, separate drives if possible. Windows has done this far too many times.
Just remove Windows. One problem less on the list.
and unplug your linux drive when booting windows, just in case
+1. I do this
Not the first time. I thought a Windows 10 update wiped grub, but Microsoft actually deleted my entire Linux partition. Others have experienced the same thing.
Windows is required for a couple of apps I need with no alternatives, but the only way it runs on any of my computers is in a VM.
How do people use Windows with confidence, with stories like these?
stockholm syndrome
They don’t want you to have dual boot. They want you to choose.
Glad I chose linux then.
I’m going to choose a VM.
I’d almost bet money that in a year or two they’ll make it so that the latest version of windows cannot be installed in virtual machines
That would break 90+% of installations then. And all of Azure.
That’s when they “graciously” offer to whitelist “approved” devices to boot windows VM from.
Then anyone running a Windows VM would just switch to a Server edition, which is almost exclusively run via a VM.
I have a morbid curiosity to see that happen.
Yes and
as they like to do every once in a while
I put windows in the shame box (VM).
I recently discovered that Rufus has an option to set up a Windows ISO as “Windows on the go” so I dug out an old 500Gb SSD that had a USB adapter with it and installed Windows on that. So now instead of dual booting I can just hit F12 and boot from USB on the rare occasions when I need to run something in Windows.
It’s also quite satisfying to be able to physically remove Windows and shove it into a drawer when it goes full Windows too lol.
God, I’d have a back up in case I went full office space.
I pretty much did just go full office space on it lol. Here’s a fun thing I just learned:
Windows 11 apparently defaults to a tiny fraction of space for system restore points, and if it runs out of space it just deletes the old ones without asking or telling you. Because it defaults to a tiny amount of space, it apparently only ever keeps one system restore point on hand.
This means I made a manual one on a clean install when I’d got my settings sorted, so I can hop back to that when Windows inevitably fucks up. But because it’s Windows, what it did was apply a big update, fuck it up, then save that fuck up as the only restore point.
I restored it anyway just to see what would happen, and that broke even more stuff. Back in the drawer!
This has been my solution for a long time.
Microsoft! You missed your last chance to stay on my computers with your os. Take care, so long and thanks for all the cons.
“wasn’t supposed to”
Are you quoting CrowdStrike?
I’m quoting OP’s summary (or quote). I’m implying that Microsoft is hostile to Linux installations generally.