Wasu kwanaki da suka wuce, Microsoft ya fitar da "sabuntawa na tsaro" wanda ake zaton yana da manufar"magance rashin lafiyar ɗan shekara biyu a cikin GRUB », amma nisa daga kasancewa mai taimako, sabuntawar ya haifar da matsaloli masu yawa akan tsarin boot-boot da ke gudana Windows da Linux, kuma don haka ya haifar da katsewar booting akan tsarin Linux lokacin da aka kunna amintacce boot.
Ularfafawa wanda aka ba da shawarar yin magana da wannan sabuntawa shine CVE-2022-2601 a cikin GRUB2, wannan raunin yana bawa maharan damar ketare amintattun kariyar takalma. A cikin martani, Microsoft ya yanke shawarar toshe masu lodin boot ɗin Linux waɗanda ba a daidaita su da wannan rauni ba, wanda zai iya hana tsarin Linux yin booting tare da Windows a cikin jeri biyu-boot.
"Rashin lahani da ke da alaƙa da wannan CVE yana cikin GRUB2, mai ɗaukar kaya na Linux wanda aka tsara don tallafawa amintaccen boot akan tsarin Linux," in ji Microsoft a cikin shawarwarin da aka buga don magance matsalar. "An rubuta wannan gaskiyar a cikin Jagorar Sabunta Tsaro, wanda ke nuna cewa sabbin nau'ikan Windows ba su da rauni ga ketare wannan ma'aunin tsaro ta amfani da Linux GRUB2 bootloader. Ƙimar SBAT ba ta shafi tsarin taya biyu da ke gudana Windows da Linux ba saboda haka bai kamata ya shafi waɗannan tsarin ba.
Game da matsalar
Dual boot, wanda ke ba masu amfani damar shigarwa da zaɓi tsakanin tsarin aiki guda biyu akan kwamfuta ɗaya, wannan sabuntawa ya sami mummunan tasiri. Musamman, da Tsarin Linux ta amfani da GRUB a matsayin boot managerkuma an kunna Secure Boot sun fuskanci hadarurruka bayan sabuntawa.
Sabuntawa zuwa Windows sun aiwatar da sabuwar manufar SBAT (UEFI Secure Boot Advanced Targeting), tsara don toshe bootloaders da Linux wanda ba a sabunta ba don magance raunin CVE-2022-2601 a cikin GRUB2. Matsalar tana bayyana kanta tare da saƙon kuskure mai nuni
"Kuskuren tabbatar da bayanan SBAT: cin zarafin manufofin tsaro. "Wani abu ya yi kuskure: SBAT gwajin kansa ya kasa: cin zarafin manufofin tsaro."
Tsarin SBAT, Red Hat da Microsoft suka haɓaka, an tsara shi don toshe lahani a cikin bootloader na GRUB ba tare da buƙatar soke sa hannun dijital ba. SBAT tana ƙara metadata zuwa abubuwan aiwatarwa na UEFI, waɗanda aka ƙware tare da sa hannun dijital kuma ana amfani da su don sarrafa jerin abubuwan da aka yarda ko aka haramta a cikin UEFI Secure Boot. Wannan tsarin yana ba da damar takamaiman nau'ikan abubuwan haɗin gwiwa don kulle ba tare da soke maɓallai gabaɗaya ba, sabanin hanyar da ta gabata wacce ke buƙatar ɗaukaka lissafin soke takardar shedar UEFI (dbx).
Batun na yanzu da alama sakamakon rashin gwaji ne daga bangaren Microsoft. kafin aiwatar da facin, da kuma rashin sabuntawa a wasu GRUB bootloaders ta masu haɓaka rarraba Linux. An buga fassarar cikakken nazarin matsalar Matthew Garrett, wanda ke nuna cewa duka Microsoft da wasu masu haɓaka Linux suna ɗaukar alhakin wannan yanayin.
Game da lamarin, Microsoft ya fitar da sanarwa kawai:
"Ba a amfani da wannan sabuntawar lokacin da aka gano zaɓin boot ɗin Linux. Koyaya, muna sane da cewa wasu yanayin taya biyu suna haifar da matsala ga wasu masu amfani, musamman lokacin amfani da tsoffin bootloaders na Linux waɗanda ke ɗauke da lambar mara ƙarfi. "Muna hada kai da abokan aikinmu na Linux don bincike da warware wannan batu."
Ga waɗanda ke fuskantar matsalar, ana ba da shawarar ku gwada kashe amintaccen boot a cikin BIOS/UEFI a matsayin mafita na ɗan lokaci, kodayake wannan na iya yin illa ga tsaron tsarin.
Wani bayani shine cire bayanan SBAT da aka sanya a cikin UEFI, shigar da sabon rarraba Linux tare da ingantaccen tallafi don amintaccen boot ɗin UEFI (kamar Ubuntu), gudanar da umarnin. mokutil --set-sbat-policy
don cire manufar SBAT sannan a sake kunna kafaffen taya.
Sabuntawa: Idan kuna tunanin Microsoft ya fitar da sabuntawar tare da mugun nufi, Matthew Garrett ya fito don yin bayani Wanene ke da alhakin hatsarin a cikin taya biyu?