"Verifying shim SBAT data failed" after 15.5 update
I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately. I learned that the solution is turning off secure boot, but now I can't even get into the BIOS; is the only message I see after booting, even if I press DEL at the same time as the power button, with or without CTL and ALT. Does anybody have any other suggestions? I'd even consider wiping the disk and doing a fresh installation . . . if I could get it to boot into anything else. -- Bob Rogers http://www.rgrjr.com/
Hello, In the Message; Subject : "Verifying shim SBAT data failed" after 15.5 update Message-ID : <26172.14635.395291.949959@orion.rgrjr.com> Date & Time: Wed, 8 May 2024 19:47:07 -0700 [BR] == Bob Rogers <rogers@rgrjr.com> has written: [...] BR> I learned that the solution is turning off secure boot, but now I BR> can't even get into the BIOS; is the only message I see after booting, BR> even if I press DEL at the same time as the power button, with or BR> without CTL and ALT. I used to use ENVY too, but I thought the ESC key --> F10 key, not the DEL key, was used to enter the BIOS. Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ "To hire for skills, firms will need to implement robust and intentional changes in their hiring practices ― and change is hard." -- Employers don’t practice what they preach on skills-based hiring --
From: Masaru Nomiya <nomiya@lake.dti.ne.jp> Date: Thu, 09 May 2024 12:23:02 +0900 Hello, BR> I learned that the solution is turning off secure boot, but now I BR> can't even get into the BIOS; is the only message I see after booting, BR> even if I press DEL at the same time as the power button, with or BR> without CTL and ALT. I used to use ENVY too, but I thought the ESC key --> F10 key, not the DEL key, was used to enter the BIOS. Excellent; thank you! I don't know if I ever knew that, or just forgot in a panic, but that was the clue I needed. (You can tell that I am not the original owner of this laptop, and don't have the original literature. Really, I should hunt down a PDF some day.) Thanks again, -- Bob
On 09.05.2024 05:47, Bob Rogers wrote:
I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately.
https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_s...
From: Andrei Borzenkov <arvidjaar@gmail.com> Date: Thu, 9 May 2024 07:21:34 +0300 On 09.05.2024 05:47, Bob Rogers wrote:
I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately.
https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_s... This doesn't seem to apply; I wasn't booting an old release. -- Bob
On Wed, May 08, 2024 at 10:59:55PM -0700, Bob Rogers wrote:
From: Andrei Borzenkov <arvidjaar@gmail.com> Date: Thu, 9 May 2024 07:21:34 +0300
On 09.05.2024 05:47, Bob Rogers wrote:
I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately.
https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_s...
This doesn't seem to apply; I wasn't booting an old release.
15.5 beta is an old release from early 2023. If you mean 15.6 beta this should work.
From: Marcus Meissner <meissner@suse.de> Date: Fri, 10 May 2024 11:33:11 +0200 On Wed, May 08, 2024 at 10:59:55PM -0700, Bob Rogers wrote:
From: Andrei Borzenkov <arvidjaar@gmail.com> Date: Thu, 9 May 2024 07:21:34 +0300
On 09.05.2024 05:47, Bob Rogers wrote:
I have an old HP Envy . . .
This doesn't seem to apply; I wasn't booting an old release.
15.5 beta is an old release from early 2023. Yes, which shows you how frequently I use this laptop (wrong keyboard, screen too small, and I hate mouse pads -- and am not fond of mice in general). But I need it rather urgently for a business trip I am taking in two days. If you mean 15.6 beta this should work. After "zypper dup" and extensive subsequent updates, I tried it anyway (thanks, Andrei, Marcus), and it seemed to work temporarily, but then failed again. (I would be happy keeping "secure boot" permanently off in the BIOS, but part of the immediate problem is that the battery is thoroughly dead, so the BIOS keeps forgetting. I am getting a new battery today, but it would be nice to kill this useless pseudo-security rigmarole once and for all.) So I am in the process of installing the openSUSE Leap 15.6 release candidate, and I notice on the main installer options page a "Secure boot" choice, which defaults to "enabled". I am wondering what happens if I disable that, or does that send me down another less-than-well- tested path of pain in the booty? -- Bob
On 2024-05-18 19:58, Bob Rogers wrote:
After "zypper dup" and extensive subsequent updates, I tried it anyway (thanks, Andrei, Marcus), and it seemed to work temporarily, but then failed again. (I would be happy keeping "secure boot" permanently off in the BIOS, but part of the immediate problem is that the battery is thoroughly dead, so the BIOS keeps forgetting. I am getting a new battery today, but it would be nice to kill this useless pseudo-security rigmarole once and for all.)
I have not read the entire thread, but I noticed this part. If the battery is dead, and the BIOS clock dies, a computer hits security problems as soon as it hits things dated today. Specifically, security certificates fail. Web browsing and downloading things become a pain. Just saying, in case it applies, because I have been bitten by it :-) I will read the rest of the thread later. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
From: "Carlos E. R." <robin.listas@telefonica.net> Date: Sun, 19 May 2024 00:18:10 +0200 On 2024-05-18 19:58, Bob Rogers wrote:
After "zypper dup" and extensive subsequent updates, I tried it anyway (thanks, Andrei, Marcus), and it seemed to work temporarily, but then failed again. (I would be happy keeping "secure boot" permanently off in the BIOS, but part of the immediate problem is that the battery is thoroughly dead, so the BIOS keeps forgetting. I am getting a new battery today, but it would be nice to kill this useless pseudo-security rigmarole once and for all.)
I have not read the entire thread, but I noticed this part. If the battery is dead, and the BIOS clock dies, a computer hits security problems as soon as it hits things dated today. Specifically, security certificates fail. Web browsing and downloading things become a pain. The clock kept resetting to 8-Jan-24, which was annoying, but nothing failed quite so catastrophically as the problems you mention. (When the power went off because the cord jiggled, emacs refused to recover something from its autosave file because it thought the autosave was too old, but that was easily worked around.) And the new battery has arrived, so this will soon cease to be an issue, but thanks for the warning. -- Bob
On 2024-05-19 01:59, Bob Rogers wrote:
From: "Carlos E. R." <robin.listas@telefonica.net> Date: Sun, 19 May 2024 00:18:10 +0200
On 2024-05-18 19:58, Bob Rogers wrote:
> After "zypper dup" and extensive subsequent updates, I tried it anyway > (thanks, Andrei, Marcus), and it seemed to work temporarily, but then > failed again. (I would be happy keeping "secure boot" permanently off > in the BIOS, but part of the immediate problem is that the battery is > thoroughly dead, so the BIOS keeps forgetting. I am getting a new > battery today, but it would be nice to kill this useless pseudo-security > rigmarole once and for all.)
I have not read the entire thread, but I noticed this part. If the battery is dead, and the BIOS clock dies, a computer hits security problems as soon as it hits things dated today. Specifically, security certificates fail. Web browsing and downloading things become a pain.
The clock kept resetting to 8-Jan-24, which was annoying, but nothing failed quite so catastrophically as the problems you mention. (When the power went off because the cord jiggled, emacs refused to recover something from its autosave file because it thought the autosave was too old, but that was easily worked around.) And the new battery has arrived, so this will soon cease to be an issue, but thanks for the warning.
Jan-24 is not that bad - when I had that kind of problem there was a time difference of a decade. Ok, good that you have the battery problem solved, one thing less to look at. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
participants (5)
-
Andrei Borzenkov -
Bob Rogers -
Carlos E. R. -
Marcus Meissner -
Masaru Nomiya