Windows 11 update 23H2 broke my dual boot

I have both Fedora 41 and Windows 11 in my laptop.
I barely use Windows and needed it yesterday.
A Windows update popped up and I accepted it: 23H2.
Might have been big for it took a while.
After restarting, GRUB menu was gone and machine booted directly to Windows.

Moreover, went to UEFI menu and boot order was fine with USB disk first, Linux second and Windows third.
But attempting to boot from Live Fedora USB it wouldn’t work.

Experienced similar problem when upgrading to 24H2…ended up wiping entire disc and reinstalling everything and moving from F40 to F41.

You can still boot from the UEFI menu, right? Is Fedora set as the default entry in your UEFI configuration?

To regenerate grub

```
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
sudo dnf reinstall shim-\* grub2-efi-\* grub2-common
```

Hi, @augenauf
UEFI boot order is intact. Windows didn’t touch it.
It has USB HDD as 1st option, Linux as 2nd, Windows as 3rd.
However Windows has captured the boot process and doesn’t even allow my live Fedora to boot from the USB.
Windows boots straight away.

Near the end of 2024 when windows 11 did an update (Maybe August?) the update to 23H2 (and 24H2) automatically enabled and activated bitlocker on windows. (Without asking for the user to accept the change.)

That breaks booting with linux since linux is not compatible with bitlocker.

The only fix I am aware of is to boot to windows and disable bitlocker which should then allow fedora to boot.

This does not happen with win 10 but definitely does with win 11. I have refused to update to win 11 on my laptop so far (and probably never will since I am seldom travelling.)

I suspect the refusal to boot from the live media is also related since win 11 uses the TPM which is integral to the bios.

Yes, @computersavvy, found some information on this BitLocker. No solution whatsoever at this point.

I repeat the below

The ONLY way to prevent a windoze installation/reinstallation/update from interfering with a dual boot windoze and Linux environment is to ensure that windoze is installed on the primary drive and Linux on a separate one. The Linux drive can be any SSD, internal or external, with sufficient capacity.

In a two disk environment, one non-shared UEFI system partition will be created on each SSD for the associated OS.

2 Likes

There have been reports that a windows update also updates the .sbat variable, causing a permission error for the shim. If you disable secure boot, will the system load grub properly? If so, it may be the cause.

While running Fedora with secure boot disabled, run `sudo mokutil --set-sbat-policy delete` and boot again with secure boot disabled. You can run `mokutil --list-sbat-revocations` to verify that the sbat variable is now cleared. Then you should be able to boot with secure boot enabled.

You can search the net using the strings “shim sbat error windows 11” for more information about the sbat problems.

1 Like
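What the SBAT check discussed in the post above compares, as an added example that is not part of the original thread: shim rejects a boot loader when a component generation in its `.sbat` section is lower than the level stored in the revocation variable. The function name `sbat_revoked` and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample data is constructed for illustration.

# Revocation list in the CSV form shown by `mokutil --list-sbat-revocations`:
# component,minimum_generation (the "sbat" row also carries a date stamp).
SAMPLE_REVOCATIONS='sbat,1,2024010900
shim,4
grub,3'

# .sbat section of a boot loader: component,generation,vendor,package,version,url.
# On a real system it can be dumped with:
#   objcopy -O binary --only-section=.sbat <loader.efi> /dev/stdout
SAMPLE_LOADER_SBAT='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,2,Example Vendor,grub2,2.06,https://example.invalid/grub
grub.example,1,Example Vendor,grub2,2.06-1,https://example.invalid/grub'

# sbat_revoked REVOCATIONS LOADER_SBAT
# Prints one line per loader component whose generation is lower than the
# minimum generation in the revocation list. Components the list does not
# name are accepted. Empty output means the loader passes the check.
sbat_revoked() {
    printf '%s\n--\n%s\n' "$1" "$2" | awk -F, '
        $0 == "--"  { in_loader = 1; next }      # separator between inputs
        $1 == ""    { next }                     # ignore blank lines
        !in_loader  { min[$1] = $2 + 0; next }   # record revocation level
        ($1 in min) && ($2 + 0 < min[$1]) {
            printf "%s: generation %d is below revoked level %d\n", $1, $2, min[$1]
        }'
}

sbat_revoked "$SAMPLE_REVOCATIONS" "$SAMPLE_LOADER_SBAT"
```

With the constructed data, only the `grub` row is reported; once the revocation list no longer names a higher level for a component, the same loader passes.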

Thank you, @vekruse.
Issue here is I cannot even boot from the live USB Fedora.
But before determining something I need to create another USB live disk.

Not even with secure boot disabled? The live system will be equally affected if you have an .sbat issue.

Don’t want to assess anything before I create a new USB live drive on a more stable device.
The one I made is on a very thin and unstable USB pen.
I’ll fix that tomorrow and will see.

I’m really stuck with this thing.
All my information -files, programs, procedures- are in my Fedora Linux setup.
And Windows is so dumb the Linux partitions or files cannot be seen from Windows.
What a burden!

Disabling secure boot is done within the bios and does not rely on the OS since that is not even started loading when the bios is accessed (usually with the F2 key from the bios splash screen).

I have it disabled since last time a Windows update prevented Fedora from booting.
Here is proof of my UEFI showing Secure Boot disabled.


And this is my boot order.

I can boot into the USB Fedora Live disk.

Hello again, @vekruse, @computersavvy, @augenauf.
Could finally create a new Fedora live USB and can boot into Linux now.

All my Windows 11 and Fedora 41 setups are intact.
The boot order in the UEFI menu was not affected by the 23H2 Windows 11 update. Boot order is USB SSD first, then Linux and Windows after.
I disabled Secure boot in UEFI and Bitlocker in Windows.
But, as of now, without the live Fedora USB stick inserted, boot still goes directly to Windows.

You can mount linux partitions in WSL but the Microsoft documentation of the procedure appears to be AI-generated garbage. Your Live USB installer should let you back up critical files.