Not really a question but since I can't comment on threads, for example here (new acc) - Verifying shim SBAT data failed: Security Policy Violation I wanted to share a solution for those who face the same problem as me.
If for whatever reason you did not proceed with clean install of Ubuntu 24.04 and instead performed an upgrade from 22.04 (never again), your shim, shim-signed and grub-efi-amd64 may not be up to date. In this case you should upgrade them (or reinstall in case of grub-efi-amd64 if you already have the newest version).
- First, turn off Secure Boot in BIOS, and log-in to your Ubuntu system;
sudo apt update- Upgrade packages:
sudo apt upgrade shim shim-signed grub-efi-amd64 - Reinstall GRUB (if newest version):
sudo apt install --reinstall grub-efi-amd64
shim and shim-signed are particularly important in this case because upgrading these packages resolves the problem described in https://discourse.ubuntu.com/t/sbat-self-check-failed-mitigating-the-impact-of-shim-15-7-revocation-on-the-ubuntu-boot-process-for-devices-running-windows/47378, updating them to version 15.8.
After performing the update/reinstall, ensure that your /etc/default/grub file contains the appropriate configuration. In case of reinstalling grub-efi-amd64, if you had any custom GRUB settings, the installer will prompt you to select an option related to the configuration file – I would recommend selecting the maintainer's version (it will set your configuration back to default) After choosing an option and finishing the installation, make the necessary changes in the configuration file – in my case, this involved the following settings:
GRUB_TIMEOUT_STYLE=menu
GRUB_TIMEOUT=10
These settings ensure that the GRUB menu is displayed and that it stays visible for 10 seconds. After making these changes, update GRUB:
sudo update-grub
and reboot.
Log-in to your Ubuntu once again (with Secure Boot off) and reboot again. After second reboot, turn Secure Boot on in BIOS - after completing all these steps, you should see the GRUB menu again and be able to boot with Secure Boot enabled.
