this post was submitted on 09 Dec 2025

TL;DR: bitlocker does not like grub

Full story:

Months ago I installed fedora on my desktop, dual booting Windows 11.

In all this time I never had the need to boot into windows. I remembered that it worked fine after install, good, and then I forgot about that.

Today I needed a specific windows only software, so at grub I chose the microsoft bootloader and... BITLOCKER.

Huh? Bitlocker? Me? What? Searched frantically for that decryption password in my keepass, did not find. What?? How???

After a few minutes staring at that screen I thought, ok let's just wipe that shit and reclaim the space. I went back to linux, opened the partition manager, then remembered that I had something important in a single copy over there. Noooooo

Went back to the boot screen to try again, still failed password.

Then I notice the error:

e_fve_pcr_mismatch

That mismatch makes me think that maybe I had something wrong in my booting.

I try to put windows first in the bios and it works! WHAT THE...?!??

So, if I put linux first, then launch windows from grub, bitlocker takes the windows partition under ransom, and I can only access it if windows is first. And of course in windows 11 x64 it is no longer possible to add linux partitions in their boot manager (previously it was possible)

Incompetence or maliciousness?

top 16 comments
[–] just_another_person@lemmy.world 0 points 6 months ago (1 children)

PCR is the name of a registered value in your TPM module.

Did you disable or otherwise change your Secure Settings in your BIOS? That would do it.

[–] Static_Rocket@lemmy.world 1 points 6 months ago (1 children)
[–] just_another_person@lemmy.world 0 points 6 months ago (1 children)

Nah. Specific field registers for specific things, and something like Bitlocker doesn't watch ALL of them.

From the few docs I can find, it looks like 0,2,4, and 11. Pretty common.

[–] Static_Rocket@lemmy.world 1 points 6 months ago* (last edited 6 months ago)

I suppose I could have phrased that better. The registers themselves correspond to particular applications/stages, but the values stored in those registers should change based on how the application/stage was loaded. Switch the order or inject a new binary and the hash from that stage on should change.
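
Added example, not part of any comment in this thread: a Python simulation of the PCR extend behaviour described in the comment above, showing why reaching the Windows boot manager through GRUB changes PCR 4 and yields a PCR mismatch. The measured blobs are constructed stand-ins, not real measurements, and the PCR selection 0, 2, 4, 11 is the one quoted in the thread, taken as an assumption.

```python
import hashlib

SELECTION = (0, 2, 4, 11)  # PCR set quoted in the thread (assumption)

def extend(pcr: bytes, measured: bytes) -> bytes:
    """SHA-256 bank extend: new = SHA256(old || SHA256(measured))."""
    return hashlib.sha256(pcr + hashlib.sha256(measured).digest()).digest()

def replay(events):
    """Replay (pcr_index, blob) events in order from the all-zero reset state."""
    pcrs = {i: bytes(32) for i in range(24)}
    for index, blob in events:
        pcrs[index] = extend(pcrs[index], blob)
    return pcrs

def mismatched(sealed, current, selection=SELECTION):
    """Selected PCR indexes whose value differs from the one at seal time."""
    return [i for i in selection if sealed[i] != current[i]]

# Constructed stand-ins for measured components (not real measurements).
FIRMWARE = [(0, b"uefi-firmware-code"), (2, b"option-rom-code")]
DIRECT = FIRMWARE + [(4, b"bootmgfw.efi")]
VIA_GRUB = FIRMWARE + [(4, b"shimx64.efi"), (4, b"grubx64.efi"),
                       (4, b"bootmgfw.efi")]

if __name__ == "__main__":
    sealed = replay(DIRECT)  # PCR state when the key was sealed
    for name, log in (("direct", DIRECT), ("via GRUB", VIA_GRUB)):
        bad = mismatched(sealed, replay(log))
        status = "unseal ok" if not bad else f"mismatch in PCR {bad}"
        print(f"{name}: {status}")
```

Because each extend hashes the previous register value, the final PCR 4 value depends on every component loaded and on their order, so the same Windows boot manager produces a different value when shim and GRUB run before it.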

[–] Frederic@beehaw.org 0 points 6 months ago (1 children)
[–] Moonrise2473@lemmy.ml 1 points 2 weeks ago

I had to disable bitlocker

The permanent "fix" that I did a few weeks later was to go single boot with fedora and move windows into a VM under KVM

[–] tea@lemmy.today 0 points 6 months ago (2 children)

I have given up dual-booting and just have a Windows VM for work things that require Windows. Less muss, less fuss and I can move the VM around as needed when moving between primary PCs.

[–] eldavi@lemmy.ml 0 points 6 months ago (1 children)

did you have to buy a windows license to do it?

[–] Engywuck@lemmy.zip -1 points 6 months ago (1 children)

You may want to Google for a dev called Massgrave.

[–] eleijeep@piefed.social 0 points 6 months ago (1 children)

Is their GitHub account called massgravel (with an L at the end)? Or is that someone typo-squatting?

[–] Engywuck@lemmy.zip -1 points 6 months ago

Just checked, massgravel (with an L) is right.

[–] Engywuck@lemmy.zip -1 points 6 months ago (1 children)

This. And fuck secure boot. Nowadays almost any of can run VMs flawlessly.

[–] wildbus8979@sh.itjust.works 0 points 6 months ago (1 children)

You can even use SecureBoot and TPM in a VM ;) OVMF EDK2 fully supports both ;)

SecureBoot is fine, sucks that vendors won't add distro keys but you can do that yourself, or use the shim.

[–] Engywuck@lemmy.zip -1 points 6 months ago (1 children)

Or just disable it in UEFI and forget about it.

[–] erebion@news.erebion.eu 0 points 6 months ago (1 children)

Security tools are there for a reason. Sure, I can encrypt my Linux rootfs, but that doesn't stop anyone from tampering with the initramfs. Secure Boot + UKI does.

[–] Engywuck@lemmy.zip -1 points 6 months ago* (last edited 6 months ago)

Cool. I still prefer to disable it.