[Bug 2077248] [NEW] Startup crash - "Verifying shim SBAT data failed" - 24.04 bootable USB and 20.04.6 dual boot

James McLaren 2077248 at bugs.launchpad.net
Sat Aug 17 23:17:46 UTC 2024 

Public bug reported:

There are several reports of this startup failure problem online -
"Verifying shim SBAT data failed: Security Policy Violation". The work
around is to disable Secure Boot in BIOS and then the startup proceeds
normally. I have a dual boot Windows 11 and 20.04.6LTS. Once you're then
logged in, a user suggested to delete the SBAT policy with "sudo mokutil
--set-sbat-policy delete". However, the Terminal now won't accept my
password but it's accepted elsewhere. The fix for this Terminal password
problem looked crazy, so I thought I would upgrade to 24.04 and created
a bootable USB. But this USB has the same SBAT startup problem on my
dual boot HP Envy and also on another Windows 11 HP laptop.

A user suggests the problem was caused by KB5041580 Windows 10
Cumulative Update build 19045.4780 (22H2) Aug. 13. Microsoft says,
"Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware
Interface (EFI)] This update applies SBAT to systems that run Windows.
This stops vulnerable Linux EFI (Shim bootloaders) from running. This
SBAT update will not apply to systems that dual-boot Windows and Linux.
After the SBAT update is applied, older Linux ISO images might not boot.
If this occurs, work with your Linux vendor to get an updated ISO
image."

Hopefully you can put the fix in with 24.04.1 so I can boot it properly
from USB and then upgrade.

You requested my /var/log/partman file but it doesn't exist and my
/var/log/installer/partman file does not have read permission so it
could not be attached to this report. You also requested the version of
the package I'm using. I believe this is a system problem so I don't
know how to answer.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: ubiquity (not installed)
ProcVersionSignature: Ubuntu 5.13.0-52.59~20.04.1-generic 5.13.19
Uname: Linux 5.13.0-52-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.27
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Sat Aug 17 17:12:23 2024
InstallCmdLine: BOOT_IMAGE=/casper/vmlinuz file=/cdrom/preseed/ubuntu.seed maybe-ubiquity quiet splash ---
InstallationDate: Installed on 2022-02-13 (916 days ago)
InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
ProcEnviron:
 LANGUAGE=en_CA:en
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: ubiquity
Symptom: installation
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: ubiquity (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug focal ubiquity-20.04.15.17

** Attachment added: "syslog"
   https://bugs.launchpad.net/bugs/2077248/+attachment/5806733/+files/syslog

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/2077248

Title:
  Startup crash - "Verifying shim SBAT data failed" - 24.04 bootable USB
  and 20.04.6 dual boot

Status in ubiquity package in Ubuntu:
  New

Bug description:
  There are several reports of this startup failure problem online -
  "Verifying shim SBAT data failed: Security Policy Violation". The work
  around is to disable Secure Boot in BIOS and then the startup proceeds
  normally. I have a dual boot Windows 11 and 20.04.6LTS. Once you're
  then logged in, a user suggested to delete the SBAT policy with "sudo
  mokutil --set-sbat-policy delete". However, the Terminal now won't
  accept my password but it's accepted elsewhere. The fix for this
  Terminal password problem looked crazy, so I thought I would upgrade
  to 24.04 and created a bootable USB. But this USB has the same SBAT
  startup problem on my dual boot HP Envy and also on another Windows 11
  HP laptop.

  A user suggests the problem was caused by KB5041580 Windows 10
  Cumulative Update build 19045.4780 (22H2) Aug. 13. Microsoft says,
  "Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware
  Interface (EFI)] This update applies SBAT to systems that run Windows.
  This stops vulnerable Linux EFI (Shim bootloaders) from running. This
  SBAT update will not apply to systems that dual-boot Windows and
  Linux. After the SBAT update is applied, older Linux ISO images might
  not boot. If this occurs, work with your Linux vendor to get an
  updated ISO image."

  Hopefully you can put the fix in with 24.04.1 so I can boot it
  properly from USB and then upgrade.

  You requested my /var/log/partman file but it doesn't exist and my
  /var/log/installer/partman file does not have read permission so it
  could not be attached to this report. You also requested the version
  of the package I'm using. I believe this is a system problem so I
  don't know how to answer.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: ubiquity (not installed)
  ProcVersionSignature: Ubuntu 5.13.0-52.59~20.04.1-generic 5.13.19
  Uname: Linux 5.13.0-52-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.27
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Aug 17 17:12:23 2024
  InstallCmdLine: BOOT_IMAGE=/casper/vmlinuz file=/cdrom/preseed/ubuntu.seed maybe-ubiquity quiet splash ---
  InstallationDate: Installed on 2022-02-13 (916 days ago)
  InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
  ProcEnviron:
   LANGUAGE=en_CA:en
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_CA.UTF-8
   SHELL=/bin/bash
  SourcePackage: ubiquity
  Symptom: installation
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/2077248/+subscriptions

More information about the foundations-bugs mailing list