Does BlackLotus UEFI bootkit impact Linux in dual boot with Windows?

BlackLotus UEFI bootkit defeats Secure Boot
–Windows 11 Security at risk? BlackLotus UEFI bootkit defeats Secure Boot - gHacks Tech News

From what I read, I would say “yes”.

Akin to other strange things in previous years with nothing to know or do about it huh!

Intel inside only knows…

Other than steer clear of UEFI bootkits if one is running W11, which I am on one PC.

So, booting into Linux (dual boot with Win) avoids the nasties?

I do not dual boot W11 and probably never will, but I do dual boot W10, but not in UEFI.

In a way, whether UEFI or not, if the disk is compromised by default, what can be done?

Get rid of Windows ASAP. :rofl:


Even if disk compromise from getgo?

Reformat and start over, or trash the disk and start over, about all I would know!!!

My recommendation is, if you REALLY MUST, dual boot ANY version of windows with Linux (any version) use separate hard drives. One for each OS.
Given the current level of interfaces available today either drive can be USB external.
I’ve found it is better to disable the UEFI secure boot. You could disable when using Linux and enable when using windows.

The only problem with that is W11 will not boot without secure boot enabled, what do you think
the BlackLoutus Bootkit is doing, bypassing all UAC and secure boot by some frilly weakness,
until Microsoft can patch the weakness, and the weakness is nothing new, just took someone, with nothing else to do to exploit the weakness. Linux would not have a flying chance in hell running on the hardware in my new W11 PC.

Have a DELL desktop…
Maybe time to install a separate SSD.

Then again… what other malware will come around to haunt me there?! :scream::unamused:

What are you trying to dual boot with?

With Windows 11 on a DELL Optiplex 7060.

Would you care to share your specs?

Just noticed “secure boot state off” - never touched it!

OS Name Microsoft Windows 11 Pro
Version 10.0.22621 Build 22621
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Manufacturer Dell Inc.
System Model OptiPlex 7060
System Type x64-based PC
System SKU 085A
Processor Intel(R) Core™ i5-8500 CPU @ 3.00GHz, 3000 Mhz, 6 Core(s), 6 Logical Processor(s)
BIOS Version/Date Dell Inc. 1.24.0, 12/9/2022
SMBIOS Version 3.1
Embedded Controller Version 255.255
BaseBoard Manufacturer Dell Inc.
BaseBoard Product 0NC2VH
BaseBoard Version A01
Platform Role Desktop
Secure Boot State Off
PCR7 Configuration Elevation Required to View
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = 10.0.22621.819
Time Zone Central Standard Time
Installed Physical Memory (RAM) 8.00 GB
Total Physical Memory 7.80 GB
Available Physical Memory 3.53 GB
Total Virtual Memory 9.68 GB
Available Virtual Memory 5.55 GB
Page File Space 1.88 GB
Page File C:\pagefile.sys
Kernel DMA Protection Off
Virtualization-based security Running
Virtualization-based security Required Security Properties
Virtualization-based security Available Security Properties Base Virtualization Support, DMA Protection, UEFI Code Readonly, Mode Based Execution Control
Virtualization-based security Services Configured Hypervisor enforced Code Integrity
Virtualization-based security Services Running Credential Guard, Hypervisor enforced Code Integrity
Windows Defender Application Control policy Enforced
Windows Defender Application Control user mode policy Audit
Device Encryption Support Elevation Required to View
A hypervisor has been detected. Features required for Hyper-V will not be displayed.

OK, secure boot does not have to be enabled but UEFI/secure boot has to be available.
Also Device Manager should show TPM

under the Security device
Are you wanting to dual boot this machine with Linux on a separate drive? If so, I can’t see
using a separate drive will change anything, as to what W11 is requiring to boot.
I plan on running Linux on my W11 machine, but it will only be in a VM.

TPM is there just like yours.

Have never run a Linux distro in VM before.
They’re usually slow in there right?

My best advice, do not compromise W11 in trying to hack Linux on your machine, this is probably
what happened to the laptop. I am curious as to how, BlackLotus BootKit, is envolved, because
I have one laptop running W10 and Debian 11, on the same drive.
VM should run OK with 8GB of ram, allocate maybe 2GB to 4GB to the VM, depending on the
distro, would be worth the trouble to update ram to 16GB.
I have a Dell laptop running W10 and a Gentoo VM with only 2GB allocated to the VM, runs OK,
but not as fast as a Cheetah.