The workaround way if above does not work (this leaves you vulnerable): 1. turn off secure boot 2. boot linux, run: sudo mokutil --set-sbat-policy delete 3. boot windows, run: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD 4. turn on SB

5. keep eye out for linux OS updates and once a GRUB/shim update comes in delete above registry key from your windows system.