2

There are a number of threads on this, but my situation appears a little different when I try the suggested resolutions. Yesterday my dual boot pc updated Windows 10. When I tried logging into Ubuntu today, I got the "Verifying shim SBAT data failed: Security Policy Violation" message.

I pressed the Power button, hit F2 repeatedly, and I got to the screen that allowed me to disable Secure Boot, and I saved it. Then it came up with the usual screen to select Windows or Ubuntu, and I select Ubuntu. It looks like Ubuntu might come up, but then it comes back with the screen asking me to select Windows or Ubuntu. So I cannot get Ubuntu up to run the mokutil command that I have read elsewhere. Windows will come up if I select it.

Are there any other methods to get Ubuntu started? Do I have to do a new install?

KJ_YEG
  • 63

2 Answers2

3

Are you running an old version of Ubuntu or one that has not been updated? You need the newer shim or turn off Secure Boot.

Since November 2022, several Linux distributions, including Ubuntu 22.04.2 and 20.04.6, have upgraded to shim 15.7, which provides a critical security update to address various vulnerabilities in the boot stack. To address this issue, it is recommended that users switch to newer installer media, such as Ubuntu 22.04.2, Ubuntu 20.04.6, and equivalent updated media from other distributions.

https://discourse.ubuntu.com/t/sbat-revocations-boot-process/34996

Using my 24.04 Kubuntu shows slightly newer version:

fred@z170-noble:~$ dpkg -s shim-signed | grep Version
Version: 1.58+15.8-0ubuntu1

Sbat Windows update stops old Linux shim from working

https://support.microsoft.com/en-us/topic/august-13-2024-security-update-kb5041160-3e8026f2-bb4c-4c1c-9855-d41e1b5b1bd9

See link below by user user535733 Has details on update, update procedure available after August 29th, 2024. Only applies to dual boot Windows systems with UEFI Secure boot on.

oldfred
  • 12,583
0

If for some reason you cannot boot your system or cannot turn off secure boot, another option might be to boot a recent Ubuntu LiveUSB ISO (24.10 worked for me) and manually update the Shim binary on the /boot/efi partition to version 15.8 or later as described in this thread: https://askubuntu.com/a/1543003/879530

Good luck!

akdev
  • 11