Fedora 40 Workstation KDE Spin Boot Error

I have started to get the following error, and can only get around it by disabling secure boot:

Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation

Any help please?

Webdoc

What version of Fedora?
cat /etc/fedora-release
What hardware and drivers?
inxi -Fzxx
What version of the shim package is installed?
dnf list installed shim*
When was your system last updated?

Please post those outputs as preformatted text using the </> button on the toolbar.

Hello, Jeff

System is a new install today 24/04/2024, with all current updates.

webdoc@skynet-fedora:~$ cat /etc/fedora-release
Fedora release 40 (Forty)
webdoc@skynet-fedora:~$

webdoc@skynet-fedora:~$ dnf list installed shim*
Installed Packages
shim-ia32.x86_64                                       15.8-3                                        @anaconda
shim-x64.x86_64                                        15.8-3                                        @anaconda
webdoc@skynet-fedora:~$

webdoc@skynet-fedora:~$ inxi -Fzxx
System:
  Kernel: 6.8.7-300.fc40.x86_64 arch: x86_64 bits: 64 compiler: gcc
    v: 2.41-34.fc40
  Desktop: KDE Plasma v: 6.0.3 tk: Qt v: N/A wm: kwin_wayland dm: SDDM
    Distro: Fedora Linux 40 (KDE Plasma)
Machine:
  Type: Desktop System: Micro-Star product: MS-7E01 v: 4.0
    serial: <superuser required>
  Mobo: Micro-Star model: MAG B760M MORTAR WIFI (MS-7E01) v: 4.0
    serial: <superuser required> UEFI: American Megatrends LLC. v: M.70
    date: 01/09/2024
Battery:
  Device-1: hidpp_battery_0 model: Logitech MX Keys Wireless Keyboard
    serial: <filter> charge: 55% (should be ignored) status: discharging
CPU:
  Info: 16-core (8-mt/8-st) model: 12th Gen Intel Core i9-12900KS bits: 64
    type: MST AMCP arch: Alder Lake rev: 2 cache: L1: 1.4 MiB L2: 14 MiB
    L3: 30 MiB
  Speed (MHz): avg: 803 high: 887 min/max: 800/5200:5500:4000 cores: 1: 800
    2: 800 3: 800 4: 800 5: 800 6: 800 7: 800 8: 800 9: 800 10: 800 11: 800
    12: 800 13: 887 14: 800 15: 800 16: 800 17: 800 18: 800 19: 800 20: 800
    21: 800 22: 800 23: 800 24: 800 bogomips: 164044
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Graphics:
  Device-1: Intel AlderLake-S GT1 vendor: Micro-Star MSI driver: i915
    v: kernel ports: active: none empty: DP-1, DP-2, HDMI-A-1, HDMI-A-2,
    HDMI-A-3, HDMI-A-4 bus-ID: 00:02.0 chip-ID: 8086:4680
  Device-2: NVIDIA AD106 [GeForce RTX 4060 Ti] vendor: Gigabyte
    driver: nouveau v: kernel arch: Lovelace pcie: speed: 2.5 GT/s lanes: 8
    ports: active: HDMI-A-5 empty: DP-3,DP-4,HDMI-A-6 bus-ID: 01:00.0
    chip-ID: 10de:2803
  Display: wayland server: Xwayland v: 23.2.6 compositor: kwin_wayland
    driver: N/A display-ID: 0
  Monitor-1: HDMI-A-5 res: 1920x1080 size: N/A
  API: EGL v: 1.5 platforms: device: 0 drv: iris device: 1 drv: nouveau
    device: 2 drv: swrast gbm: drv: nouveau surfaceless: drv: iris wayland:
    drv: nouveau x11: drv: nouveau
  API: OpenGL v: 4.6 compat-v: 4.3 vendor: mesa v: 24.0.5 glx-v: 1.4
    direct-render: yes renderer: NV196 device-ID: 10de:2803 display-ID: :0.0
  API: Vulkan v: 1.3.280 surfaces: xcb,xlib,wayland device: 0
    type: discrete-gpu driver: N/A device-ID: 10de:2803 device: 1
    type: integrated-gpu driver: N/A device-ID: 8086:4680 device: 2 type: cpu
    driver: N/A device-ID: 10005:0000
Audio:
  Device-1: Intel Raptor Lake High Definition Audio vendor: Micro-Star MSI
    driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:7a50
  Device-2: NVIDIA vendor: Gigabyte driver: snd_hda_intel v: kernel pcie:
    speed: 5 GT/s lanes: 8 bus-ID: 01:00.1 chip-ID: 10de:22bd
  API: ALSA v: k6.8.7-300.fc40.x86_64 status: kernel-api
  Server-1: PipeWire v: 1.0.5 status: active with: 1: pipewire-pulse
    status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
    4: pw-jack type: plugin
Network:
  Device-1: Intel Raptor Lake-S PCH CNVi WiFi driver: iwlwifi v: kernel
    bus-ID: 00:14.3 chip-ID: 8086:7a70
  IF: wlo1 state: down mac: <filter>
  Device-2: Realtek RTL8125 2.5GbE vendor: Micro-Star MSI driver: r8169
    v: kernel pcie: speed: 5 GT/s lanes: 1 port: 3000 bus-ID: 04:00.0
    chip-ID: 10ec:8125
  IF: enp4s0 state: up speed: 2500 Mbps duplex: full mac: <filter>
Bluetooth:
  Device-1: Intel AX211 Bluetooth driver: btusb v: 0.8 type: USB rev: 2.0
    speed: 12 Mb/s lanes: 1 bus-ID: 1-14:7 chip-ID: 8087:0033
  Report: btmgmt ID: hci0 rfk-id: 0 state: up address: <filter> bt-v: 5.3
    lmp-v: 12
Drives:
  Local Storage: total: 9.55 TiB used: 5.06 GiB (0.1%)
  ID-1: /dev/nvme0n1 vendor: Western Digital model: WD Blue SN580 500GB
    size: 465.76 GiB speed: 63.2 Gb/s lanes: 4 serial: <filter> temp: 35.9 C
  ID-2: /dev/sda vendor: Seagate model: ST2000DM006-2DM164 size: 1.82 TiB
    speed: 6.0 Gb/s serial: <filter>
  ID-3: /dev/sdb vendor: Seagate model: ST4000DM004-2CV104 size: 3.64 TiB
    speed: 6.0 Gb/s serial: <filter>
  ID-4: /dev/sdc vendor: Seagate model: ST4000DM004-2CV104 size: 3.64 TiB
    speed: 6.0 Gb/s serial: <filter>
Partition:
  ID-1: / size: 60.53 GiB used: 4.67 GiB (7.7%) fs: btrfs dev: /dev/nvme0n1p7
  ID-2: /boot size: 1.8 GiB used: 380 MiB (20.7%) fs: ext4
    dev: /dev/nvme0n1p5
  ID-3: /boot/efi size: 94.8 MiB used: 19 MiB (20.0%) fs: vfat
    dev: /dev/nvme0n1p4
  ID-4: /home size: 60.53 GiB used: 4.67 GiB (7.7%) fs: btrfs
    dev: /dev/nvme0n1p7
  ID-5: /var size: 60.53 GiB used: 4.67 GiB (7.7%) fs: btrfs
    dev: /dev/nvme0n1p7
Swap:
  ID-1: swap-1 type: partition size: 1.86 GiB used: 0 KiB (0.0%) priority: -2
    dev: /dev/nvme0n1p6
  ID-2: swap-2 type: zram size: 8 GiB used: 0 KiB (0.0%) priority: 100
    dev: /dev/zram0
Sensors:
  System Temperatures: cpu: 25.0 C mobo: N/A
  Fan Speeds (rpm): N/A
Info:
  Memory: total: 128 GiB available: 125.57 GiB used: 3.32 GiB (2.6%)
  Processes: 1034 Power: uptime: 5m wakeups: 0 Init: systemd v: 255
    target: graphical (5) default: graphical
  Packages: Compilers: N/A Shell: Bash v: 5.2.26 running-in: konsole
    inxi: 3.3.33
webdoc@skynet-fedora:~$

With that GPU and using nouveau there seem to always be problems.

Are you using secure boot? mokutil --sb-state will tell you that.
If secure boot is enabled then you have to first enable signing the nvidia driver by

  1. install akmods: sudo dnf install akmods
  2. create the local signing key and import it into bios by following the instructions in the file /usr/share/doc/akmods/README.secureboot. All those commands before the reboot must be run with sudo.

After the key is created with step 2 above (or if secure boot is disabled) then continue the installation of the driver with

  1. sudo dnf install akmod-nvidia xorg-x11-drv-nvidia-cuda
  2. Wait at least 5 minutes then reboot

Hello, on further investigation into this problem it's looking like the boot manager/utility program that I use (TeraByte BootIt Collection) is the software that is causing this problem.

From their support:

“It probably needs the new secure boot piece, that will be in the next update.”


I am also using Boot-It UEFI from the TeraByte Bootit Collection. To recover from the “Verifying shim SBAT data failed: Security Policy Violation” error on my Dell PC I had to:

  1. Enter the Dell BIOS and change one setting. Secure Boot : Security Boot Mode. In particular I switched from Deployed Mode to Audit Mode. Per Dell: “Audit mode performs a signature check but does not block execution of all UEFI drivers and bootloaders.”
  2. Reinstall Terabyte Boot-It UEFI.
  3. Reinstall Windows partitions from a backup using the Terabyte Boot-It UEFI disk imaging tool. (My Windows 11 install was totally messed up and unrecoverable using Microsoft tools, but booted normally after the Windows partitions were restored from backup.)
  4. Install Fedora 40 KDE spin from USB drive.
  5. Re-enable Boot-It UEFI as the bootloader in the BIOS so it loads before the fedora bootloader.

Note: per the developer of Terabyte Boot-It Collection this error with security violation will be fixed in the next release. However the workaround above has things functioning as expected without waiting for any new release – at least for me. I am able to dual boot.
