Garrett: What is an SBAT and why does everyone suddenly care
Matthew Garrett <a href="https://mjg59.dreamwidth.org/70348.html" rel="nofollow">describes
the role of the Secure Boot Advanced Targeting mechanism</a> and how it
played into the recent Windows upgrade problems.
So why is this suddenly relevant? SBAT was developed
collaboratively between the Linux community and Microsoft, and
Microsoft chose to push a Windows update that told systems not to
trust versions of grub with a security generation below a certain
level. This was because those versions of grub had genuine security
vulnerabilities that would allow an attacker to compromise the
Windows secure boot chain, and we've seen real world examples of
malware wanting to do that.
https://lwn.net/Articles/986844/