SB2: Grub vanished after W10-Update, unable to boot Linux

[mrmonologue]

Hello,

After the recent W10-Update (I do use dualboot with Linux-Mint on my Surface Book 2), that is this one: https://support.microsoft.com/en-us/topic/september-14-2021-kb5005565-os-builds-19041-1237-19042-1237-and-19043-1237-292cf8ed-f97b-4cd8-9883-32b71e3e6b44, the GRUB-startup, where I have been choosing which OS to boot, has vanished. Therefore I am not able to boot into Linux anymore.

Inside UEFI appears to be "ubuntu" on the bootable systems, but every time I restart the device, W10 does automatically launch. De-installing the update does not work, inasmuch as W10 automatically re-installs the update, ignoring my setting to skip updates, while rebooting.

Concerning I am fairly new to those troubles, I hope to get some good advice here. W10 is frustrating me with every consecutive day...

Greetings

[Amondale]

I assume you've gone into UEFI and tried to launch from there. On my SP4, this is done by holding down the Volume - button for a few seconds while it powers up. Then go to "Boot Configuration" where you should see your flavor of Linux, tab to it rather than mouse to it, and press Enter (2x) on your keyboard to boot it immediately, or you can change the order from this same screen by mouse-dragging the Linux startup above the Windows startup. This is how I always boot to my Ubuntu that I carved out of free disk space, as the "Windows Boot Manager" in the GRUB launcher always results in a sad face or "out of recovery options" due to BitLocker on the main NTFS partition. I believe this is just a "Surface thing" but it may vary with the GRUB version too. In any case you may find it handy to create a "boot repair" USB stick and keep it around for those times when Windows updates decide to clobber the UEFI partition in some way.

[Amondale]

Another possibility is that a Surface Firmware update has turned off 3rd Party Certificates (in the Security menu, also in UEFI setup) for Secure Boot. Check that out and if the option reads Microsoft-only, that's your problem.

The final and ugliest possibility: your MOK manager, which generates the 3rd-party cert/thumbprint, has been overwritten. If that's the case, this article will help you understand the ugly innards of MOK and UEFI "shims" needed to get the GRUB menu visible from your surface with Secure Boot on (really the only way to boot into Windows with Bitlocker enabled).

But try the options above first, I have a hunch one of these will bring back your GRUB menu.

[qzed]

I think normally Windows shouldn't mess with bootloader files of other OSes (if it isn't outright re-formatting the boot partition due to a "default" install), so apart from the things @Amondale said, it might be that it somehow screwed up the UEFI boot entry (which points to the bootloader). That could e.g. be fixed with efibootmgr. I think it should also be possible to just re-install the bootloader from a Ubuntu install USB stick (which should also cover the boot entry). See e.g. https://help.ubuntu.com/community/RecoveringUbuntuAfterInstallingWindows (note: I've never tried the automatic solution described there, so I can't speak for any issues that it might have).

[Amondale]

OP is saying Linux Mint rather than Ubuntu, but the UEFI environment is pretty OS-agnostic, so the Ubuntu boot repair may work in this case. Would like to ascertain if Bitlocker is installed, and whether the installation was performed to install 3d party drivers, and had a MOK phase after installation. According to this post , you cannot chain load any non-Windows 8+ OS when Bitlocker is enabled on the system (C:) partition except directly from the UEFI menu, so we need more information on the status of the UEFI partition before and after the Windows Update.

Efibootmgr will help, of course it is a Linux tool, and this article, especially #3 (boot order) and #6 (3d Party Secure Boot), should get @mrmonologue back on track to launch a USB stick that could contain efibootmgr and/or boot-repair.

[qzed]

OP is saying Linux Mint rather than Ubuntu, but the UEFI environment is pretty OS-agnostic, so the Ubuntu boot repair may work in this case.

Oh right, sorry for missing that. Just read that the bootloader entry was named that (OP, did you by any chance install Ubuntu before Mint at some point?). Maybe Linux Mint provides something similar?

Would like to ascertain if Bitlocker is installed, and whether the installation was performed to install 3d party drivers, and had a MOK phase after installation. According to this post , you cannot chain load any non-Windows 8+ OS when Bitlocker is enabled on the system (C:) partition except directly from the UEFI menu, so we need more information on the status of the UEFI partition before and after the Windows Update.

Ah that's interesting! Did not know that.

[mrmonologue]

Thank You @Amondale and @qzed for helping me out. I deactivated the Secure Boot option in UEFI to "None" (the only way it worked) and I was able to access GRUB again. Luckily, that was everything needed. Greetings!

[Amondale]

If that was how you installed Mint (Secure Boot off) then that's the only way to boot back into it. You didn't mention if you had Bitlocker, or had encrypted the Mint partition? I personally find the flashing red when Secure Boot is turned off pretty annoying, but it's over quickly I guess!

[mrmonologue]

Actually, I installed Mint with Secure Boot on. I remember turning off Bitlocker for installing Mint though. But after Mint was set up, I re-activated Bitlocker. That worked fine those days. Inasmuch as I do have some other issues with Mint and especially the SB2 (e. g. the battery duration) I think of re-installing the whole OS and might furthermore move to Ubuntu.

[PiecePaperCode]

Just A Word on DualBoot I experienced this Issue on an non Surface Device with Windows Dual Boot. After major Updates my Distro got Nuked and didnt work anymore. As a preventie measure go into Windows Computer Settings and deactive the partition where your distro is. So windows wont be aware anymore of the Linux Partion.