Verifying shim SBAT data failed: Security Policy Violation
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
-
- Level 1
- Posts: 4
- Joined: Fri Mar 10, 2023 1:45 pm
Verifying shim SBAT data failed: Security Policy Violation
Linux Mint 21.3 has been running well since being installed 27/05/2024 with Secure boot enabled. Today when I started the laptop I see the below message for a few seconds and then the laptop shuts down…
“Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation”
The only way I can get the laptop up and running is to disable Secure Boot
I have tried Timeshift to revert back to the original installation
I have tried sudo update-grub
I am dual booting Linux Mint 21.3 Virginia MATE / Windows 11 on a Dell Inspiron 15 3585 Laptop
Can anybody advise what's gone wrong and possible fix
“Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation”
The only way I can get the laptop up and running is to disable Secure Boot
I have tried Timeshift to revert back to the original installation
I have tried sudo update-grub
I am dual booting Linux Mint 21.3 Virginia MATE / Windows 11 on a Dell Inspiron 15 3585 Laptop
Can anybody advise what's gone wrong and possible fix
Re: Verifying shim SBAT data failed: Security Policy Violation
This just happened to me, suspiciously the day after Windows installed an update, so it isn't just you. I was able to boot by switching the Secure Boot mode in the BIOS from "Windows UEFI" to "Other OS". I don't know if that's a bad idea, but if it works for me, it works.
Re: Verifying shim SBAT data failed: Security Policy Violation
Windows has gone wrong and it was yesterday's update.
It appears that Mint has a shim version that MS SBAT doesn't recognize --
Note that Windows says this update won't apply to systems that dual-boot Windows and Linux. This obviously isn't true, and likely depends on your system configuration and the distribution being run. It appears to have made some linux efi shim bootloaders incompatible with microcrap efi bootloaders (that's why shifting from MS efi to 'other OS' in efi setup works.[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.
It appears that Mint has a shim version that MS SBAT doesn't recognize --
work with your Linux vendor to get an updated ISO image
-
- Level 1
- Posts: 1
- Joined: Thu Aug 15, 2024 2:25 am
Re: Verifying shim SBAT data failed: Security Policy Violation
Yeah it just happened now but what I don't understand is I made the Update yesterday and booted several times since then.
I booted this morning and it worked now I came back after breakfast and see this.
I changed the Bootloader to Windows after reading it's a bootloader issue and of course this one worked.
Why does windows interfere with grub anyway?
I booted this morning and it worked now I came back after breakfast and see this.
I changed the Bootloader to Windows after reading it's a bootloader issue and of course this one worked.
Why does windows interfere with grub anyway?
-
- Level 1
- Posts: 1
- Joined: Thu Aug 15, 2024 3:36 am
Re: Verifying shim SBAT data failed: Security Policy Violation
Happened to me as well yesterday. Tried googling on what happened since it literally came out of blue but couldn't find any specific info. Thought the problem is on my end, so in the end came across the link that shows how to reset sbat and done it. https://en.opensuse.org/openSUSE:UEFI#R ... Leap_image
Are there any consequences in doing so?
Are there any consequences in doing so?
-
- Level 1
- Posts: 4
- Joined: Fri Mar 10, 2023 1:45 pm
Re: Verifying shim SBAT data failed: Security Policy Violation
I put the UEFI back to Secure Boot “Enabled” and installed Linux Mint 22 “Wilma”. Now, so far the problem has not occurred. A bit drastic perhaps but Mint 22 seams to work quicker that 21.3.
Thanks all for the info provided
Thanks all for the info provided
Re: Verifying shim SBAT data failed: Security Policy Violation
Windows is now the arbiter of what bootloaders will be allowed to run on a secure boot system with windows installed. Only Microsoft approved loaders will be allowed, and Windows can change the allowed shims at will. It's going to be impossible to keep up.
-
- Level 1
- Posts: 1
- Joined: Thu Aug 15, 2024 11:28 am
Re: Verifying shim SBAT data failed: Security Policy Violation
Hello,
Thanks a lot for posting this. It happened the same to me in my dual boot with Ubuntu 22 and Win10.
What worked for me was to follow the instructions in: https://discourse.ubuntu.com/t/sbat-rev ... cess/34996
In case this can help anyone, here is what worked for me:
1. Disable Secure Boot
2. Log into your Ubuntu user and open a terminal
3. Delete the SBAT policy with:
4. Reboot your PC and log back into Ubuntu to update the SBAT policy
5. Reboot and then re-enable secure boot in your BIOS.
Sorry if this is off topic since its related to Ubuntu and not Mint. I just wanted to put what worked for me on the top link that appeared when I searched online.
I hope this helps!
Thanks a lot for posting this. It happened the same to me in my dual boot with Ubuntu 22 and Win10.
What worked for me was to follow the instructions in: https://discourse.ubuntu.com/t/sbat-rev ... cess/34996
In case this can help anyone, here is what worked for me:
1. Disable Secure Boot
2. Log into your Ubuntu user and open a terminal
3. Delete the SBAT policy with:
Code: Select all
sudo mokutil --set-sbat-policy delete
5. Reboot and then re-enable secure boot in your BIOS.
Sorry if this is off topic since its related to Ubuntu and not Mint. I just wanted to put what worked for me on the top link that appeared when I searched online.
I hope this helps!
Re: Verifying shim SBAT data failed: Security Policy Violation
Same thing Just happened to me.
I will look into it when I have more time.
Just relieved it's not a virus.
It's been a few years since I last clean installed windows and mint and had a few hardware changes in the meantime.
So guess it's time.
I had gotten everything installed so nice and didn't want that much work or downtime on my PC.
Sigh well at least I might upgrade my drives.
I will look into it when I have more time.
Just relieved it's not a virus.
It's been a few years since I last clean installed windows and mint and had a few hardware changes in the meantime.
So guess it's time.
I had gotten everything installed so nice and didn't want that much work or downtime on my PC.
Sigh well at least I might upgrade my drives.
Re: Verifying shim SBAT data failed: Security Policy Violation
Here is a possible solution
After the last Win 11 update, I had the same problem on my dual-boot system (Mint 21.3 + Win 11, each on individual SSDs).
The message: ‘Verifying shim SBAT data failed: Security policy violation
Something went seriously wrong: SBAT self-test failed: Security Policy Violation' appears and the PC shuts down immediately.
I therefore wanted to install Mint 22 (Wilma), as Mint 21.3 was still in a ‘test phase’ as a replacement for Windows anyway.
My solution was as follows:
- Create a boot stick with Mint 22 (on another PC)
- Start the PC from the boot stick (boot menu with F12 or similar, depending on the motherboard manufacturer)
- Only start Mint 22 from the USB stick, do not install it
- Exit Mint 22 again, remove the USB stick, re-sat and boot from the HD/SSD
- The Linux boot menu then appears as usual and you can start Mint 21.3 or Win 11
After the last Win 11 update, I had the same problem on my dual-boot system (Mint 21.3 + Win 11, each on individual SSDs).
The message: ‘Verifying shim SBAT data failed: Security policy violation
Something went seriously wrong: SBAT self-test failed: Security Policy Violation' appears and the PC shuts down immediately.
I therefore wanted to install Mint 22 (Wilma), as Mint 21.3 was still in a ‘test phase’ as a replacement for Windows anyway.
My solution was as follows:
- Create a boot stick with Mint 22 (on another PC)
- Start the PC from the boot stick (boot menu with F12 or similar, depending on the motherboard manufacturer)
- Only start Mint 22 from the USB stick, do not install it
- Exit Mint 22 again, remove the USB stick, re-sat and boot from the HD/SSD
- The Linux boot menu then appears as usual and you can start Mint 21.3 or Win 11
-
- Level 1
- Posts: 1
- Joined: Fri Aug 16, 2024 7:07 am
Re: Verifying shim SBAT data failed: Security Policy Violation
What commands to use to find this Secure Boot mode and change from "Windows UEFI" to "Other OS" ??Oktayey wrote: ⤴Wed Aug 14, 2024 3:07 pm This just happened to me, suspiciously the day after Windows installed an update, so it isn't just you. I was able to boot by switching the Secure Boot mode in the BIOS from "Windows UEFI" to "Other OS". I don't know if that's a bad idea, but if it works for me, it works.
Re: Verifying shim SBAT data failed: Security Policy Violation
Spam delete key on startup and enter UEFI "BIOS" and go to the security settings turn off secure boot save and exit.luizamariaschwinn wrote: ⤴Fri Aug 16, 2024 7:11 amWhat commands to use to find this Secure Boot mode and change from "Windows UEFI" to "Other OS" ??Oktayey wrote: ⤴Wed Aug 14, 2024 3:07 pm This just happened to me, suspiciously the day after Windows installed an update, so it isn't just you. I was able to boot by switching the Secure Boot mode in the BIOS from "Windows UEFI" to "Other OS". I don't know if that's a bad idea, but if it works for me, it works.
Don't know your system if you give more info I can give specifics
Re: Verifying shim SBAT data failed: Security Policy Violation
Update
I tried booting from a Mint USB stick, but the system wouldn't boot.
So I reset the security keys db in UEFI, and I was able to boot from a Mint USB stick afterward. After rebooting the system, I could run Linux Mint 21.3 Virginia normally again.
Even though I have everything working normally.
I have backed up everything onto a new NVME drive and I've decided to wipe all systems and re-arrange the system drives now anyway.
I hope this helps people
Turning off secure boot is a temporary fix to get into system.
Resetting the security Key db in UEFI "BIOS" seemed to fix my problems or the booting into a Mint USB stick as previously reported.
I will be back if anyone has questions I can help with, after I reinstall windows 11 and then Mint 22
I tried booting from a Mint USB stick, but the system wouldn't boot.
So I reset the security keys db in UEFI, and I was able to boot from a Mint USB stick afterward. After rebooting the system, I could run Linux Mint 21.3 Virginia normally again.
Even though I have everything working normally.
I have backed up everything onto a new NVME drive and I've decided to wipe all systems and re-arrange the system drives now anyway.
I hope this helps people
Turning off secure boot is a temporary fix to get into system.
Resetting the security Key db in UEFI "BIOS" seemed to fix my problems or the booting into a Mint USB stick as previously reported.
I will be back if anyone has questions I can help with, after I reinstall windows 11 and then Mint 22
-
- Level 1
- Posts: 1
- Joined: Fri Aug 16, 2024 1:58 pm
Re: Verifying shim SBAT data failed: Security Policy Violation
Hello, @manutheeng
Recently I had the same issue with my dual boot(Mint/Win) after the OS reboot from the following Windows updates:
Thank you very much!
Recently I had the same issue with my dual boot(Mint/Win) after the OS reboot from the following Windows updates:
- august-13-2024-kb5042352-cumulative update for net framework-3-5-4-8-and-4-8-1-for-windows-10-version-22h2
- august-13-2024-kb5041580-os-builds-19044-4780-and-19045-4780
Thank you very much!
manutheeng wrote: ⤴Thu Aug 15, 2024 11:35 am 1. Disable Secure Boot
2. Log into your Ubuntu user and open a terminal
3. Delete the SBAT policy with:4. Reboot your PC and log back into Ubuntu to update the SBAT policyCode: Select all
sudo mokutil --set-sbat-policy delete
5. Reboot and then re-enable secure boot in your BIOS.
Last edited by karlchen on Mon Aug 19, 2024 5:18 am, edited 1 time in total.
Reason: shortened full post quote to the relevant steps
Reason: shortened full post quote to the relevant steps
Martian's Mint
Re: Verifying shim SBAT data failed: Security Policy Violation
Hi there. My computer turns off after show that message. How can I access to GRUBs command line?
Re: Verifying shim SBAT data failed: Security Policy Violation
If your computer is turning off immediately after the message, you can access the grub's by clicking esc and F10 repeatedly. It's works for my laptop HP
Last edited by SMG on Sat Aug 17, 2024 10:24 am, edited 1 time in total.
Reason: Added quote tags to indicate the response is answering a question someone asked.
Reason: Added quote tags to indicate the response is answering a question someone asked.
Re: Verifying shim SBAT data failed: Security Policy Violation
I was getting this error message too. I installed mint several days ago, was using with no issues. I frequently would shut down my laptop at light then turn it back on no problem. I booted into windows 11 and it started a random un-cancellable update. The update took 15 minutes on a gigabit fiber connection which I thought was strange because usually the updates only take like 3 minutes. I use the windows then decide to boot into linux mint and it boots with a broken gui. My window manager which is the default one for LDME made everything super tiny. I restarted my system and still everything was super tiny. I restarted it again and then I got the SBAT Security Policy Violation error.
All this started happening as soon as the windows did its surprise update.
I did what all of you talked about in this forum and I went into my bios and disabled secure boot as well as fast boot. I am using a new asus laptop which is not very linux friendly but this worked for me.
My conspiracy theory is that microsoft intentionally rolled out a windows update to mess with linux users that are dual booting but I have no proof obviously.
All this started happening as soon as the windows did its surprise update.
I did what all of you talked about in this forum and I went into my bios and disabled secure boot as well as fast boot. I am using a new asus laptop which is not very linux friendly but this worked for me.
My conspiracy theory is that microsoft intentionally rolled out a windows update to mess with linux users that are dual booting but I have no proof obviously.
Re: Verifying shim SBAT data failed: Security Policy Violation
What worked for me was to change Option 1 from Linux Mint to Windows, and Option 2 is now Linux Mint. As soon as I did that and then came out of safe mode, the PC started up as normal with Windows. Fingers crossed it will continue to do so.
I am using a Dell PC and to get into safe mode after the message about something going seriously wrong (as written out by seeauser7) (after which the PC was switching itself off), I hit the F8 key repeatedly as soon as the PC was turning on and before that message appeared. That brought up 'Dell' on the screen, along with two choices: F2 and another key (I forget which), and I chose F2. From there, I selected 'Boot', and then changed the options.
Edit: The change I made means that the screen where you choose which system you want to use does not appear before start-up. It just opens up Windows straight away. This is fine for me, as I was having issues with Linux and hadn't been using it anyway.
Maybe this info will help someone else.
I am using a Dell PC and to get into safe mode after the message about something going seriously wrong (as written out by seeauser7) (after which the PC was switching itself off), I hit the F8 key repeatedly as soon as the PC was turning on and before that message appeared. That brought up 'Dell' on the screen, along with two choices: F2 and another key (I forget which), and I chose F2. From there, I selected 'Boot', and then changed the options.
Edit: The change I made means that the screen where you choose which system you want to use does not appear before start-up. It just opens up Windows straight away. This is fine for me, as I was having issues with Linux and hadn't been using it anyway.
Maybe this info will help someone else.
Re: Verifying shim SBAT data failed: Security Policy Violation
This worked like a gem for me. Thank you guys. Cheers from Brazil
manutheeng wrote: ⤴Thu Aug 15, 2024 11:35 am 1. Disable Secure Boot
2. Log into your Ubuntu user and open a terminal
3. Delete the SBAT policy with:4. Reboot your PC and log back into Ubuntu to update the SBAT policyCode: Select all
sudo mokutil --set-sbat-policy delete
5. Reboot and then re-enable secure boot in your BIOS.
Last edited by karlchen on Mon Aug 19, 2024 5:18 am, edited 1 time in total.
Reason: shortened full post quote to the relevant steps
Reason: shortened full post quote to the relevant steps
Re: Verifying shim SBAT data failed: Security Policy Violation
Thanks for this. It didn't work for me, but I realised I was still using Mint 20.2. I upgraded to 20.3, and then immediately upgraded to 21.manutheeng wrote: ⤴Thu Aug 15, 2024 11:35 am In case this can help anyone, here is what worked for me:
1. Disable Secure Boot
2. Log into your Ubuntu user and open a terminal
3. Delete the SBAT policy with:4. Reboot your PC and log back into Ubuntu to update the SBAT policyCode: Select all
sudo mokutil --set-sbat-policy delete
5. Reboot and then re-enable secure boot in your BIOS.
The 21 upgrade had some issues with missing libcrypto.so.1.1 in the logs (/var/log/apt/term.log). Installed it manually and immediately continued and finished the Mint upgrade.
After rebooting I followed the steps again and can now boot Windows with Secure Boot. Thanks!
Last edited by karlchen on Mon Aug 19, 2024 5:19 am, edited 1 time in total.
Reason: shortened full post quote to the relevant steps
Reason: shortened full post quote to the relevant steps