Switch secure boot to use Ventoy+Acronis (clone disk) without losing PIN or FINGERPRINT (functionalities)

Good morning,

Usually every Sunday I make backup copies using Ventoy+Acronis. Put simply, I clone the entire hard drive onto another identical one.

This way, if the disk breaks, I just have to open the Framework 13, replace the disk and continue working.

With the Windows update I have not been able to boot using Ventoy due to the following error:

Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation

Given the impossibility of booting through the Ventoy USB, I had to disable secure boot using the F2 key.

Finally I was able to boot and make the copy. Later I enabled secure startup again to leave it as it was previously but… surprise…

The PIN and fingerprint could not be used, because Windows had detected a change in security… I had to log in with a password.

I have had to reconfigure the PIN and fingerprint as if the computer were new.

Every time I want to clone the disk will I have to do all this?

Thanks for all.

That error implies Ventoy is using outdated software versions with known security vulnerabilities that are blocked from loading on up-to-date systems. You should contact the developer and ask them to update their shim version.

As a workaround, you can run sudo mokutil --set-sbat-policy delete from an up-to-date Fedora Linux live USB to clear the SBAT policy. This may open you to some security risks, and Windows Update (or Linux equivalents) may automatically reapply it.

2 Likes
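
To show the kind of check behind that error, here is an added example (not code from this thread, from Ventoy or from shim) that compares a boot loader's SBAT entries with a revocation policy by generation number. Both sample texts are constructed for illustration, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample: the .sbat section of an older boot loader.
# Format per line: component,generation,vendor,package,version,url
BINARY_SBAT = """sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
shim,1,UEFI shim,shim,1,https://github.com/rhboot/shim
"""

# Constructed sample: a revocation policy as held by the firmware.
# The first line is the policy header (its third field is a date stamp).
REVOCATIONS = """sbat,1,2024010100
shim,2
grub,3
"""


def parse_sbat(text):
    """Return {component: generation} from SBAT CSV text."""
    entries = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[1].strip().isdigit():
            continue  # skip blank or malformed lines
        entries[row[0].strip()] = int(row[1])
    return entries


def sbat_violations(binary_sbat, revocations):
    """List (component, have, required) where the binary's generation
    is lower than the minimum generation the policy still allows."""
    have = parse_sbat(binary_sbat)
    need = parse_sbat(revocations)
    return sorted(
        (name, gen, need[name])
        for name, gen in have.items()
        if name in need and gen < need[name]
    )


if __name__ == "__main__":
    for name, gen, required in sbat_violations(BINARY_SBAT, REVOCATIONS):
        print(f"{name}: generation {gen} is below the required {required}")
```

A binary with no violations passes the check; any component below the policy minimum is refused, which is the situation an outdated shim is in after the policy is raised.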

Ah yes, I read about this. The Windows update broke a lot of people that were dual booting with secure boot on.

1 Like