-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to boot with ventoy after shim update #650
Comments
Hi Macmill, would you please check whether the sbat generation number of grub2 is smaller than NVRAM variable ? |
Well, could you please describe the steps. Finding the sbat generation number is something I have not done before. |
For example: step 1: show grub2 sbat entries step 2: show variable content (the exact path depends on your system) step 3: compare both |
found this for the grub sbat entries "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md and the variable content is "sbat,1,2021030218" Other than this can't find anything else. The code for step one was not displaying anything. Please give a bit more detail. |
Just curious. Like you said:
|
Nope..did not need to turn secure boot off for booting into fedora as it has the latest shim package. Only when booting with ventoy. Even tried booting opensuse with secure boot turned on and it shows the same message mentioned above. Only workaround for booting other things that are not on same shim version(15.8 currently) is to turn secure boot off. Hope that makes sense. ventoy/Ventoy#2692 you can see this page for reference. https://en.opensuse.org/openSUSE:UEFI#Reset_SBAT_string_for_booting_to_old_shim_in_old_Leap_image and this is an opensuse forum instructing how to reset the sbat for booting into old shim |
Same problem. Did you solve it ? |
Okay...so its working now apparently after a week of leaving it alone and not attempting to boot ventoy, and this happened today. So here is the thing, ventoy by default formats your usb drive in exfat format with mbr partition. Their website states that uefi firmware are upto somewhat compatible with mbr partitions. Therefore i've always used exfat+mbr despite having a gpt drive and uefi firmware. Today i decided to give it one more try but this time i reinstalled ventoy with exfat+gpt and decided to boot it up. And to my surprise the error message did not show up and it went straight to ventoy boot menu. I have no idea what happened. Nothing changed with my pc since the last time i tried and got the error message. To make sure the issue is gone i reinstalled ventoy with exfat+mbr again, reset my uefi settings to default and it worked too. I don't think formatting the usb drive with gpt was the solution but that is all i did. So now i am genuinely clueless but the issue is gone. |
Thank you bro! Your reply helped me a lot. I'll try it later. |
Installed fedora 39 workstation. During the system update my pc froze. so i forced shut down, after reboot everything seemed just fine. However, my usb drive with ventoy in it won't boot with secure boot turned on. I did some research and identified the issue is probably because of a shim version mismatch. Now whenever i try to boot into ventoy with secure boot turned on, it says: "verifyig shim sbat data failed: security policy violation. something has gone seriously wrong: sbat self check failed: security policy violation". only workaround is turning secure boot off. But how can i fix this?
The text was updated successfully, but these errors were encountered: