Ddos 
As early as July 2024, Microsoft noted in its preview cumulative update logs that dual-boot configurations involving Windows and Linux could fail to start properly after installation. The root cause was traced to a compatibility issue between Secure Boot Advanced Targeting (SBAT) and the Linux Unified Extensible Firmware Interface (UEFI).
When SBAT is applied via cumulative updates to Windows 10 or 11, it prevents vulnerable Linux EFI (Shim bootloader) from executing. As a result, Linux fails to boot and throws the error: “Verifying shim SBAT data failed.”
After nine months of persistent issues, Microsoft has finally issued an update to resolve the startup failure affecting Windows 10/11 and Linux dual-boot systems.
This failure, in fact, fell within Microsoft’s anticipated risk scope. The company’s security policy is designed to block outdated and vulnerable boot managers. SBAT updates are not intended for devices configured with dual-boot setups; however, on certain devices, custom boot methods went undetected, and SBAT was erroneously applied, leading to validation and startup failures.
This issue had widespread implications, affecting Windows 10, Windows 11, the Windows LTSB/LTSC series, and Windows Server editions. It was not until May 2025 that Microsoft confirmed in a routine cumulative update that the problem had been fully resolved.
In the May update, Microsoft updated Secure Boot Advanced Targeting and Linux UEFI compatibility to resolve the issue where SBAT could not detect Linux systems. Following this update, no additional configuration is needed for Linux systems to boot properly.
For users unable to install the May 2025 cumulative update, manual intervention is required. They must first disable Secure Boot, remove SBAT-related policies from the Linux system, and then re-enable Secure Boot once the modifications are complete.
Donate