Fix: Verifying Shim SBAT Data Failed – Security Policy Violation
The error “Verifying shim SBAT data failed: Security Policy Violation” usually appears on computers that have both Windows and Linux installed (dual-boot). It occurs when a security feature called Secure Boot blocks Linux from starting.
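This happens because the Linux bootloader (Shim or GRUB) is older than the minimum version allowed by the Secure Boot revocation rules that Microsoft delivered through recent Windows updates. SBAT (Secure Boot Advanced Targeting) is the mechanism behind this: each bootloader carries a generation number, and a UEFI variable stores the minimum generation that Shim will accept. These updates raise that minimum, which makes Secure Boot more strict. If the Linux bootloader hasn’t been updated or properly configured, the system may fail to boot and show this error.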
Luckily, there are a few ways to fix this issue depending on your setup. Whether you’re still using Linux alongside Windows or no longer need it, the following methods will help you get your system booting normally again.
1. Temporarily Disable Secure Boot, Update Shim, Then Re-enable It
The main reason behind this error is that your Linux bootloader (usually Shim) is outdated and no longer trusted by Secure Boot. To fix this, you’ll first need to temporarily disable Secure Boot, then update Shim to a secure version, and finally turn Secure Boot back on for full system protection.
Step 1: Disable Secure Boot
- Restart your PC and enter BIOS/UEFI by pressing the key shown during startup (commonly Del, Esc, F2, or F10).
- Navigate to the Boot or Security tab.
- Find the Secure Boot option and set it to Disabled.
- Press F10 to save changes and exit BIOS.
- Boot into your Linux system.
Step 2: Delete SBAT Policy and Update Shim in Linux
- Once inside Linux, press Ctrl + Alt + T to open the Terminal.
- Delete the existing SBAT policy using this command:
sudo mokutil --set-sbat-policy delete
- Reboot your system once so that Shim applies the policy change at startup.
- Open the Terminal again and run this command to update Shim:
sudo apt update && sudo apt upgrade shim-signed
- Once the update completes, reboot your PC again.
Step 3: Re-enable Secure Boot
- Restart your PC and enter BIOS again.
- Go to the Secure Boot option and set it back to Enabled.
- Save changes and exit BIOS.
- Your system should now boot normally with Secure Boot turned on and a valid, updated Shim.
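Before re-enabling Secure Boot in Step 3, it helps to confirm that the updated Shim actually meets the SBAT level that will be enforced. The script below is an added example, not part of the original article: it applies the SBAT rule (a component is rejected when its generation number is lower than the minimum in the revocation list) to constructed sample data. The function name sbat_revoked, the file names and the sample generation numbers are assumptions.

```bash
#!/bin/sh
# Added example: would this bootloader pass the SBAT check?
# On a real system the two inputs come from (the Ubuntu-style path is an assumption):
#   objcopy -O binary --only-section=.sbat /boot/efi/EFI/ubuntu/shimx64.efi shim.sbat
#   mokutil --list-sbat-revocations > level.csv

# sbat_revoked BINARY_SBAT_FILE LEVEL_FILE
# Prints each component whose generation is below the required minimum.
# Returns 1 if at least one component is revoked, 0 if the binary passes.
sbat_revoked() {
    tr -d '\000\r' < "$1" | awk -F, '
        NR == FNR {                  # first input: the revocation level
            if ($1 != "") min[$1] = $2 + 0
            next
        }
        ($1 in min) && ($2 + 0 < min[$1]) {
            printf "%s: generation %d, required >= %d\n", $1, $2 + 0, min[$1]
            bad = 1
        }
        END { exit bad }
    ' "$2" -
}

# Constructed sample data, not taken from any real system or update.
demo_dir=$(mktemp -d)
cat > "$demo_dir/level.csv" <<'EOF'
sbat,1,2024010100
shim,4
grub,3
EOF
cat > "$demo_dir/old_shim.sbat" <<'EOF'
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
shim,2,UEFI shim,shim,1,https://github.com/rhboot/shim
shim.example,1,Example Distro,shim,15.4,https://example.invalid
EOF
# Same metadata with the shim generation raised, as an updated package would ship.
sed 's/^shim,2,/shim,4,/' "$demo_dir/old_shim.sbat" > "$demo_dir/new_shim.sbat"

for f in old_shim new_shim; do
    if out=$(sbat_revoked "$demo_dir/$f.sbat" "$demo_dir/level.csv"); then
        echo "$f: passes SBAT level"
    else
        echo "$f: REJECTED ($out)"
    fi
done
```

If the check still reports a revoked component after the update, leave Secure Boot disabled and update again; re-enabling it would bring the error back.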
2. Change Boot Order in BIOS to Prioritize Windows Boot Manager
If your system still shows the SBAT error or tries to boot into Linux even after fixing Shim, the issue might be due to the wrong bootloader being selected. On dual-boot systems, both Windows and Linux install their own boot managers (Windows Boot Manager and GRUB/Shim). If the system tries to use the Linux one first, it may trigger this error. You can fix this by changing the boot order in BIOS so that Windows Boot Manager loads first.
- Restart your PC and enter BIOS/UEFI by pressing the key shown during startup (usually Del, Esc, F2, or F10).
- Navigate to the Boot tab or section.
- Look for Boot Priority or Boot Option Priorities.
- Set Windows Boot Manager as the first boot option.
- Move GRUB, Shim, or any Linux boot entries to a lower priority.
- Press F10 to save changes and exit BIOS.
- Your system should now boot directly into Windows without loading the Linux bootloader first.
3. Disable Fast Boot in BIOS
If you’re still getting the error, the problem might be caused by a BIOS feature called Fast Boot. This setting speeds up startup by skipping hardware checks, but it can block Linux or other operating systems from loading correctly, especially in dual-boot setups. Disabling Fast Boot forces the system to check all hardware properly and avoids conflicts with bootloaders like Shim or GRUB.
- Restart your PC and enter BIOS/UEFI by pressing the key shown during startup (usually Del, Esc, F2, or F10).
- Go to the Boot tab or section. On some systems, you may need to switch to Advanced Mode first.
- Look for a setting called Fast Boot.
- Set it to Disabled.
- Save your changes (press F10 or use the Save & Exit option).
- Restart your PC and try booting again.
4. Reset Windows to Remove Conflicting Bootloaders
If you’re no longer using Linux and just want your PC to boot into Windows without errors, resetting Windows is a reliable fix. This process removes any leftover Linux bootloaders (like GRUB or Shim), repairs damaged Windows startup files, and resets Secure Boot settings to default. It’s a good option when other solutions haven’t worked or if your system still shows the SBAT error after startup.
- Start by force-restarting your PC 3–4 times to trigger the Automatic Repair screen.
- Once the screen appears, click on Troubleshoot.
- Click on Reset this PC.
- Choose Keep my files if you want to preserve personal data, or Remove everything if you’re starting fresh.
- Follow the on-screen steps to complete the reset.
Once the reset is complete, Windows will boot normally using the default bootloader. If needed, you can re-enable Secure Boot through BIOS for added protection.