Fix: Unable to Start Linux on Dual-Boot Device with Windows 10/11
If you have a dual-boot computer with Linux and Windows 10 or Windows 11 operating systems and you are unable to boot Linux in your device, this article will help you in fixing the issue and booting Linux OS without any problem.
Table of Contents
- PROBLEM SYMPTOM: Unable to Boot Linux If You Have Dual-Boot Windows Device
- REASON: Secure Boot Advanced Targeting (SBAT) Feature is Causing Linux Boot Issue
- SOLUTION 1: Before Installing SBAT Security Update on Your Dual-Boot Device
- SOLUTION 2: After Installing SBAT Security Update on Your Dual-Boot Device
PROBLEM SYMPTOM: Unable to Boot Linux If You Have Dual-Boot Windows Device
Many people setup dual-boot feature in their computer system to be able to use more than one operating system on a single device. For example, you might be using a dual-boot device with Windows 7 and Windows 10/11. Lots of advanced users install a Linux distro along with Windows operating system in their device.
On a dual-boot device, we can start or boot only one operating system at a time. If we want to use other OS, we need to restart the device to select other installed operating system. A boot loader or boot manager screen appears at startup to select desired operating system.
Recently many Linux users started having a strange issue while trying to boot Linux on their dual-boot device. Whenever they try to start Linux OS, it fails to boot and displays following error message:
Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.
The other operating systems installed on the device such as Windows 10/11 are working fine. Only Linux is showing this error message and failing to start.
REASON: Secure Boot Advanced Targeting (SBAT) Feature is Causing Linux Boot Issue
It’s a known issue that has been officially acknowledged by Microsoft. A recently released Windows update enabled a security feature called Secure Boot Advanced Targeting (SBAT). This new feature is causing Linux boot issue on many devices.
This problematic security update was released for Windows 10 and Windows 11 and applied SBAT setting to Windows devices to automatically block old, vulnerable boot managers or boot loaders. This update was developed to not apply on dual-boot devices. Still the dual-boot detection failed to detect some customized dual-booting methods and applied the SBAT setting incorrectly when it should not have been applied.
So it’s a Windows security update that is causing Linux boot issue on dual-boot computer systems.
SOLUTION 1: Before Installing SBAT Security Update on Your Dual-Boot Device
If you are reading this article and you haven’t installed the problematic security update yet in your Windows 10/11 device, you can follow the steps given below before restarting your device and it’ll disable the new security feature and you’ll not face any issue in booting the Linux OS.
STEP 1: Open Command Prompt as Administrator using any method given in this article.
STEP 2: Copy and paste following command in Command Prompt window and press Enter key:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD
This command will disable the new SBAT security feature in your device.
Now you can safely restart your device.
SOLUTION 2: After Installing SBAT Security Update on Your Dual-Boot Device
If you already installed the security update and you are now facing Linux boot issue in your dual-boot device, you can follow the steps given below to fix the issue:
STEP 1: First of all, you’ll need to open BIOS/UEFI setup in your device. When your computer starts, keep pressing F2 key to open BIOS/UEFI settings screen. Different brand computers require different key press to access BIOS setup. In most of the brands, F2 key is used. If it doesn’t work, you can try pressing Delete key.
Following article will help you in opening BIOS setup screen in your computer:
How to Enter BIOS Settings on Your Windows PC?
STEP 2: Now disable Secure Boot option. The option should be present under Security/Advanced tab or section. The section and option names might be different in different brands.
Now save and exit from BIOS setup screen by selecting Exit option or by pressing F10 key or other options shown by your computer.
STEP 3: Restart your computer and now select Linux from the boot loader/manager screen. It should now start without any issue.
You can now delete the problematic SBAT Update using Linux Terminal. Open the terminal and run following command:
sudo mokutil --set-sbat-policy delete
Restart your device and boot Linux again.
STEP 4: To verify SBAT revocation, run following command in Terminal:
mokutil --list-sbat-revocations
If the list shows no revocations, it means the SBAT security setting has been disabled/removed successfully.
STEP 5: Now restart your computer and open BIOS/UEFI setup again. Now re-enable Secure Boot option.
STEP 6: At last, start Windows and run following command in Command Prompt as Administrator to prevent future SBAT Updates in Windows:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD
That’s it. Now you can use Linux and Windows operating systems without any issue in your dual-boot device.
Also Check:
How to Enable TPM 2.0 and Secure Boot Using BIOS Settings
How to Remove Linux Boot Loader from Startup After Deleting Linux Partitions?
How to Disable New Metro Boot Loader and Restore Classic Boot Loader in Windows
Comments
NOTE: Older comments have been removed to reduce database overhead. Be the first one to start the discussion.