KB5041585 Breaks Linux Dual Boot: Verifying Shim SBAT Data Failed

Windows 11 Update Breaks Linux Dual Boot – Verifying Shim SBAT Data Failed

On August 13, 2024, Microsoft released the security update KB5041585 for Windows 11 23H2 and 22H2. This update addresses many problems including the BitLocker recovery screen, the CVE-2024-38143 error, and so on. However, this update caused Windows and Linux dual-boot devices to be unable to boot Linux. When you are trying to load Linux, you will receive this error message: Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.

Here is a true example:

It seems that with the recent Windows Update, systems that have dual-boot are not letting Grub start, showing the message: Verifying shim SBAT data failed: Security Policy Violation. Does anyone know what can I do to fix this?askubuntu.com

Are you encountering this error? If not, keep reading to learn how to prevent this from happening. If yes, here are the detailed instructions for resolving the issue.

Fixes to Windows 11 KB5041585 Issues: PC Lags/Vanguard Crashes

Are you suffering from Windows 11 KB5041585 issues such as PC slowdown and Vanguard crashes? Now read this post to get some fixes.

Read More

What Should You Do Before Installing Windows 11 August Update KB5041585

According to Microsoft’s statement, the Verifying shim SBAT data failed error appears because the August update enables the Secure Boot Advanced Targeting (SBAT) settings to block vulnerable boot managers. However, the dual boot system was not correctly identified and was directly blocked. If you have not yet installed this update, you can use the following method as a precautionary measure.

Step 1. Type cmd in the Windows search box, and then click the Run as administrator option under Command Prompt from the right panel.

Step 2. Input the following command line and press Enter to execute it:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD

How to Fix KB5041585 Breaks Linux Dual Boot After Installing August 2024 Security Update

What measures can you take to resolve the Verifying shim SBAT data failed error if you have installed the update? You can choose to disable the secure boot and prevent future SBAT updates. Here are the steps.

Step 1. Open the computer’s BIOS menu by pressing and holding a specific key like F1, F2, F12, or Esc (depending on your computer manufacturer) while your PC is booting.

Step 2. Find the secure boot setting in your BIOS menu and use your keyboard to disable it.

Step 3. Boot your Linux system.

Step 4. Press the Ctrl + Alt + T keyboard shortcut to open your terminal. Then type the following command and press Enter:

sudo mokutil –set-sbat-policy delete

Step 5. Reboot into the Linux system, and then execute mokutil –list-sbat-revocations in the terminal.

Step 6. Access your BIOS settings menu again, and then enable the secure boot.

Step 7. Open the terminal and execute this command: mokutil –sb-state.

Step 8. Boot into Windows, and then open Command Prompt as administrator.

Step 9. Type the following command line and hit Enter:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD

After performing the above operations, now you are able to boot your Linux system without receiving the Verifying shim SBAT data failed error message.

MiniTool Power Data Recovery FreeClick to Download100%Clean & Safe

Windows 11 KB5041585 Not Installing | Best Fixes

This tutorial explains how to download and install Windows 11 KB5041585 and how to address the “KB5041585 not installing” issue.

Read More

Bottom Line

This post details the information and solutions to the Verifying shim SBAT data failed error after installing the Windows 11 August 2024 security update. Hope you can restore the dual-boot function of Linux and Windows after performing the above steps.