Following this month’s patch update on Tuesday, many Linux users reported that their dual boot that was supposed to run both Windows and Linux could not boot Linux and displayed an error.
The cryptic error message said, “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”
This was due to the August 2024 Windows updates released as part of its monthly patch to close a 2-year-old CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability, which could gravely impact Windows security.
In an advisory published last week, Microsoft said, “The vulnerability assigned to this CVE is in the Linux GRUB2 boot loader, a boot loader designed to support Secure Boot on systems that are running Linux.”
Microsoft also said, “The SBAT value is not applied to dual-boot systems that boot both Windows and Linux and should not affect these systems. You might find that older Linux distribution ISOs will not boot. If this occurs, work with your Linux vendor to get an update.”
However, even after the company claimed that the dual systems wouldn’t be affected, many Linux users could not boot their devices after installing the update on the OS.
Currently, there is no exact list of the Linux distributions and versions that may be affected by this update, as the company has yet to acknowledge the error and reveal that the update may render some devices unable to boot.
Will Dormann, a senior vulnerability analyst at security firm Analygence has said, “At the end of the day, while Secure Boot does make booting Windows more secure, it seems to have a growing pile of flaws that make it not quite as secure as it’s intended to be.”
How to Fix it:
The only way to revive your device is to disable Secure Boot, install the latest version of the Linux distro, and re-enable Secure Boot.