Verifying shim SBAT data failed: Security Policy Violation

After a Windows 10 update from August 13, 2024 (KB5041580), I decided to format the computer and install Zorin OS. The USB doesn't boot and displayed a message "Verifying shim SBAt data failed: Security Policy Violation". In other computer that doesn't applied the Windows update, the USB booted with Secure Boot enabled. For now I have to disable Secure Boot in order to boot Zorin OS 17.1 r2 (latest ISO for now). It's because MS decided to revoke some Linux bootloaders with this update, textually on the release notes read:

  • [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies SBAT to systems that run Windows. This stops vulnerable Linux EFI (Shim bootloaders) from running. This SBAT update will not apply to systems that dual-boot Windows and Linux. After the SBAT update is applied, older Linux ISO images might not boot. If this occurs, work with your Linux vendor to get an updated ISO image.
    Source: August 13, 2024—KB5041580 (OS Builds 19044.4780 and 19045.4780) - Microsoft Support . I hope you release an updated ISO and restore the Secure Boot functionality. FYI I'm not dual booting, Zorin OS 17.1 r2 is the only operating system in this computer. Because I used Windows and decided to switch to Zorin AFTER i installed these update
1 Like

!Hola¡ Ramiro, bienvenido.

Having done some research, this is the only solution currently available. It even affects machines with separate drives:

Thanks! Ubuntu published a guide on how to work around this:

They will release updated media for 22.04 and 24.04 soon.
I hope that Zorin will do it too.

2 Likes

It looks like this may be related:

4 Likes

I just installed Zorin on my dual drive PC to have dual boot into Win 11 and Zorin. The above patch does not seem to work for me. The secure boot requirement is needed for the PC to run Valorant with anti-cheat turned on. So, I need a proper patch to have both PC and Zorin bootable without switching on/off the secure boot. Will watch the release on 29 Aug.

I just tried to install Zorin 17 Pro for a dual boot (new compie), same message. Please, get us a way past this monopolistic "$afety mea$ure$" to advantage Micro$oft.

1 Like

So Microsoft is releasing updates to break intentionally other OSes installed on users' computers? Is it this that you all mean?

1 Like

Seems like it. Currently looking at Virt-Manager to run windows in a virtual machine inside Zorin.

1 Like

window break GIF by South Park

1 Like

I have posted a temporary fix based on an arstechnica web page about this issue here:

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.