"Verifying shim SBAT data failed" after 15.5 update
I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately. I learned that the solution is turning off secure boot, but now I can't even get into the BIOS; is the only message I see after booting, even if I press DEL at the same time as the power button, with or without CTL and ALT. Does anybody have any other suggestions? I'd even consider wiping the disk and doing a fresh installation . . . if I could get it to boot into anything else. -- Bob Rogers http://www.rgrjr.com/
Hello,
In the Message;
Subject : "Verifying shim SBAT data failed" after 15.5 update
Message-ID : <26172.14635.395291.949959@orion.rgrjr.com>
Date & Time: Wed, 8 May 2024 19:47:07 -0700
[BR] == Bob Rogers
From: Masaru Nomiya
On 09.05.2024 05:47, Bob Rogers wrote:
I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately.
https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_s...
From: Andrei Borzenkov
I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately.
https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_s... This doesn't seem to apply; I wasn't booting an old release. -- Bob
On Wed, May 08, 2024 at 10:59:55PM -0700, Bob Rogers wrote:
From: Andrei Borzenkov
Date: Thu, 9 May 2024 07:21:34 +0300 On 09.05.2024 05:47, Bob Rogers wrote:
I have an old HP Envy (not sure how old but it has a Windows 8 sticker on the bottom) with 15.5 beta (because I've been lazy about doing a "zypper dup") on which I just did an update, the first since 26-Apr, so I got a new kernel. When I attempted to reboot, I got "Verifying shim SBAT data failed: Security Policy Violation" and the system shut down immediately.
https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_s...
This doesn't seem to apply; I wasn't booting an old release.
15.5 beta is an old release from early 2023. If you mean 15.6 beta this should work.
From: Marcus Meissner
From: Andrei Borzenkov
Date: Thu, 9 May 2024 07:21:34 +0300 On 09.05.2024 05:47, Bob Rogers wrote:
I have an old HP Envy . . .
This doesn't seem to apply; I wasn't booting an old release.
15.5 beta is an old release from early 2023. Yes, which shows you how frequently I use this laptop (wrong keyboard, screen too small, and I hate mouse pads -- and am not fond of mice in general). But I need it rather urgently for a business trip I am taking in two days. If you mean 15.6 beta this should work. After "zypper dup" and extensive subsequent updates, I tried it anyway (thanks, Andrei, Marcus), and it seemed to work temporarily, but then failed again. (I would be happy keeping "secure boot" permanently off in the BIOS, but part of the immediate problem is that the battery is thoroughly dead, so the BIOS keeps forgetting. I am getting a new battery today, but it would be nice to kill this useless pseudo-security rigmarole once and for all.) So I am in the process of installing the openSUSE Leap 15.6 release candidate, and I notice on the main installer options page a "Secure boot" choice, which defaults to "enabled". I am wondering what happens if I disable that, or does that send me down another less-than-well- tested path of pain in the booty? -- Bob
On 2024-05-18 19:58, Bob Rogers wrote:
After "zypper dup" and extensive subsequent updates, I tried it anyway (thanks, Andrei, Marcus), and it seemed to work temporarily, but then failed again. (I would be happy keeping "secure boot" permanently off in the BIOS, but part of the immediate problem is that the battery is thoroughly dead, so the BIOS keeps forgetting. I am getting a new battery today, but it would be nice to kill this useless pseudo-security rigmarole once and for all.)
I have not read the entire thread, but I noticed this part. If the battery is dead, and the BIOS clock dies, a computer hits security problems as soon as it hits things dated today. Specifically, security certificates fail. Web browsing and downloading things become a pain. Just saying, in case it applies, because I have been bitten by it :-) I will read the rest of the thread later. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
From: "Carlos E. R."
After "zypper dup" and extensive subsequent updates, I tried it anyway (thanks, Andrei, Marcus), and it seemed to work temporarily, but then failed again. (I would be happy keeping "secure boot" permanently off in the BIOS, but part of the immediate problem is that the battery is thoroughly dead, so the BIOS keeps forgetting. I am getting a new battery today, but it would be nice to kill this useless pseudo-security rigmarole once and for all.)
I have not read the entire thread, but I noticed this part. If the battery is dead, and the BIOS clock dies, a computer hits security problems as soon as it hits things dated today. Specifically, security certificates fail. Web browsing and downloading things become a pain. The clock kept resetting to 8-Jan-24, which was annoying, but nothing failed quite so catastrophically as the problems you mention. (When the power went off because the cord jiggled, emacs refused to recover something from its autosave file because it thought the autosave was too old, but that was easily worked around.) And the new battery has arrived, so this will soon cease to be an issue, but thanks for the warning. -- Bob
On 2024-05-19 01:59, Bob Rogers wrote:
From: "Carlos E. R."
Date: Sun, 19 May 2024 00:18:10 +0200 On 2024-05-18 19:58, Bob Rogers wrote:
> After "zypper dup" and extensive subsequent updates, I tried it anyway > (thanks, Andrei, Marcus), and it seemed to work temporarily, but then > failed again. (I would be happy keeping "secure boot" permanently off > in the BIOS, but part of the immediate problem is that the battery is > thoroughly dead, so the BIOS keeps forgetting. I am getting a new > battery today, but it would be nice to kill this useless pseudo-security > rigmarole once and for all.)
I have not read the entire thread, but I noticed this part. If the battery is dead, and the BIOS clock dies, a computer hits security problems as soon as it hits things dated today. Specifically, security certificates fail. Web browsing and downloading things become a pain.
The clock kept resetting to 8-Jan-24, which was annoying, but nothing failed quite so catastrophically as the problems you mention. (When the power went off because the cord jiggled, emacs refused to recover something from its autosave file because it thought the autosave was too old, but that was easily worked around.) And the new battery has arrived, so this will soon cease to be an issue, but thanks for the warning.
Jan-24 is not that bad - when I had that kind of problem there was a time difference of a decade. Ok, good that you have the battery problem solved, one thing less to look at. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
participants (5)
-
Andrei Borzenkov
-
Bob Rogers
-
Carlos E. R.
-
Marcus Meissner
-
Masaru Nomiya