
Fix for: Verifying shim SBAT data failed: Security Policy Violation Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation

Introduction

After some recent updates were installed by Microsoft for Windows 11 Pro (Microsoft 2024-08 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5041585)), this is what happened when my laptop rebooted with Linux Mint 21.3 dual boot.

Effectively, Linux Mint was no longer considered trusted and the laptop refused to boot from Linux or anything. The system would show the following error and then immediately power off.

Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation


First got the error on Sept 8 2024.

The temporary workaround

After doing some searching around on the error, it became clear to me that this was a secure boot problem (see Linux Mint Forums - Verifying shim SBAT data failed: Security Policy Violation), and maybe I could just disable secure boot in the BIOS settings on my laptop.

Disable secure boot on my HP Elite Book 840 G5.

  1. Held down F10 to Enter Computer setup.

  2. Find the option in the BIOS menus to disable secure boot.

  3. Set the setting to Disabled Secure boot.

  4. Saved the BIOS changes and rebooted the laptop.

The laptop rebooted, and Linux Mint and Windows 11 were both able to be selected to boot from as usual. The error message was gone and I now had a functioning computer again.

The fix

Since I had disabled secure boot, I paid close attention to all the update descriptions in the Update Manager on Linux Mint 21.3. Several weeks later, on September 29th, I noticed that the description of one updated package, shim-signed, had some wording mentioning a Microsoft-signed shim patch.

This package contains the version of the bootloader binary signed by the Microsoft UEFI CA.

After reading and installing the updates I tried the following to see if secure boot would work again.

Re-enable secure boot on HP Elite Book 840 G5.

  1. Held down F10 to Enter Computer setup.

  2. Find the option in the BIOS menus for secure boot.

  3. Set the setting to Enable Secure boot.

  4. Saved the BIOS changes and rebooted the laptop.

After I re-enabled secure boot, the laptop worked error free again and all was well again with “secure” boot enabled.
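
The "SBAT self-check" in the error compares the generation numbers embedded in shim's `.sbat` section with the revocation list held in firmware; a component whose generation is lower than the revoked level is rejected. The following is an added example, not part of the original post, that performs the same comparison on text input so an updated shim can be checked before Secure Boot is re-enabled. The function names and all sample data are constructed for illustration.

```python
"""Added example: check bootloader SBAT entries against an SBAT revocation list.

All sample data below is constructed for illustration, not read from a real machine.
"""
import csv
import io


def parse_sbat(text):
    """Return {component: generation} from SBAT CSV text.

    Handles both a binary's .sbat section (component,generation,vendor,...)
    and a revocation list (component,generation[,datestamp]).
    """
    entries = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[0].strip():
            continue  # blank or malformed line
        try:
            entries[row[0].strip()] = int(row[1])
        except ValueError:
            continue  # generation is not a number; skip the line
    return entries


def revoked_components(binary_sbat, revocations):
    """Return (component, have, need) for entries below the revoked generation."""
    have, need = parse_sbat(binary_sbat), parse_sbat(revocations)
    return sorted((name, gen, need[name]) for name, gen in have.items()
                  if name in need and gen < need[name])


# Constructed samples (hypothetical vendor "example", placeholder URLs).
OLD_SHIM = """sbat,1,SBAT Version,sbat,1,https://example.invalid/SBAT.md
shim,2,UEFI shim,shim,1,https://example.invalid/shim
shim.example,1,Example Distro,shim,15.4,https://example.invalid/
"""
NEW_SHIM = OLD_SHIM.replace("shim,2,", "shim,4,")
REVOCATIONS = """sbat,1,2024010100
shim,4
grub,3
"""

if __name__ == "__main__":
    for label, sbat in (("old shim", OLD_SHIM), ("new shim", NEW_SHIM)):
        bad = revoked_components(sbat, REVOCATIONS)
        print(f"{label}: {'REJECTED ' + str(bad) if bad else 'passes'}")
```

On a real system the two inputs can be produced with `mokutil --list-sbat-revocations` and `objcopy -O binary --only-section=.sbat <path to shim binary> /dev/stdout`.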