Fedora fails to boot after firmware update, freezes on Microsoft logo #1162
Description
EDIT by @StollD:
The TL;DR; of this issue: After a recent firmware update, Fedora fails to boot and freezes on the Microsoft logo.
The new firmware ships with a security feature called NX mode. It means that the firmware will not allocate memory that is readable, writable and executable by default. Applications can set a flag in their binary during compilation to indicate whether they are compatible with NX mode, and the UEFI should only turn it on when the applications indicate compatibility.
Unfortunately, Microsoft decided to ignore this flag and are always enabling NX mode.
There are three different issues that play into this:
- The Linux kernel is not yet fully compatible with NX mode and requires memory that is readable, writeable and executable.
- The Linux kernel (wrongly) indicates compatibility with NX mode to GRUB
- Fedoras GRUB is following the spec and loads the kernel into memory that is readable and executable.
The combination of all three issues makes the UEFI refuse to execute the kernel and freezes the machine on the Microsoft logo. Fix one of them, and the issue goes away. Unfortunately, this is nothing that we (as in, some random person on the internet) can fix.
- Patching NX support into the kernel won't fix the stock kernel or the installation image
- Same applies for removing the wrong compatibility flag
- We can't ship a patched GRUB since that would not work with Secure Boot, and you would need a different distro or a modified Fedora installer to install it.
This means, that you have to wait until Fedora releases new images with a kernel that contains NX support. The required patches are heading for version 6.6 / 6.7, so Fedora 40 will probably work....
Some additional notes (IMPORTANT):
- This is specific to Fedora and their GRUB patches. I guess RHEL and co. are affected too.
- There is a second, slightly different issue, that affects much more distributions: Enrolling secureboot keys makes the device freeze on the Microsoft logo after firmware update #1274
- Even if you decide to wait for the kernel patches to land, you will need to boot an installer and chroot into your installation to install the updates, since GRUB will not boot any kernel currently on your
/bootpartition. - Booting a Fedora ISO with Ventoy works, since it uses its own GRUB binary without the Fedora patches.
The only two immideate solutions are:
- Switching to a different distro (e.g. Ubuntu)
- Downgrading the firmware
Downgrading the firmware isn't really hard or dangerous, but it can be intimidating. @Ramen-LadyHKG wrote a guide for it here: https://docs.google.com/document/d/1HxZmOYyqZc28vXW1nDai0VP44HoJ34suQU4cNyzylq4/edit?pli=1#heading=h.c4syy2y3jr31, but it references the firmware files for Surface Book 2 and Surface Pro 5 / 6 directly.
If you want to do this on a different model, you need to find the old firmware on the MS update catalog: https://www.catalog.update.microsoft.com/Home.aspx.
Also feel free to ask for assistance with the downgrade process in our support channel on Matrix: https://matrix.to/#/#linux-surface-support:matrix.org
Original post:
(This is not linux-surface problem. Can I get some help here?)
[Description of the bug or feature]
My Surface Book 2 just updated its UEFI firmware due to a Windows automatically update.
After that, my EFI table seems to have broken.
Except for the Windows operating system that I am dual booting with, all Linux systems are no longer bootable. Fedora and Arch.
For more details: https://www.reddit.com/r/SurfaceLinux/comments/146sjo7/my_sb2_stuck_on_logo_when_booting_windows_updates/
Solution:
Anyway, downgrading the firmware is the only viable option that I can think of.
https://github.com/linux-surface/surface-uefi-firmware
I tried to follow the instructions that you provided in this document.
However, Microsoft has not been releasing any newer firmware package since 26th-June,2022.
Surface Book 2 Drivers and Firmware:
Surface Book 2 update history:
But I don't understand why Microsoft is still releasing firmware updates through Windows Updates.
### Questions:
- Is downgrading still viable?
I've just read this post, Microsoft seems to have blocked user from doing that? - Where can I find newer surface firmware other than Windows Update?
Environment
- Hardware model: Surface Book 2 15"
- Kernel version: 6.3.5.arch-1-1-surface
- Distribution: Arch Linux