diff --git a/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.c b/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.c
index 8618f539..e8902664 100644
--- a/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.c
+++ b/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.c
@@ -34,6 +34,7 @@
 
 #define CUR_SBAT_VER    1
 
+STATIC BOOLEAN gPolicySetFlag = FALSE;
 STATIC EFI_GUID gVtoySbatGUID = { 0xf755068a, 0xe04f, 0x452b, { 0x9d, 0x6d, 0x7c, 0x55, 0x96, 0xb3, 0xc0, 0x7d }};
 STATIC EFI_GUID gShimLockGUID = SHIM_LOCK_GUID;
 STATIC EFI_SECURITY_FILE_AUTHENTICATION_STATE gSysSecFileAuth = NULL;
@@ -374,6 +375,11 @@ STATIC EFI_STATUS EFIAPI SecurityPolicyAuth
         return EFI_SUCCESS;
     }
 
+    if (!gPolicySetFlag)
+    {
+        goto SHIM_CHECK;
+    }
+
     /*
      * Step 1:
      * Use original UEFI firmware auth API.
@@ -389,6 +395,8 @@ STATIC EFI_STATUS EFIAPI SecurityPolicyAuth
     }
 
 
+SHIM_CHECK:
+
     /*
      * Step 2:
      * Use shim verify API.
@@ -436,6 +444,10 @@ STATIC EFI_STATUS EFIAPI Security2PolicyAuth
         return EFI_SUCCESS;
     }
 
+    if (!gPolicySetFlag)
+    {
+        goto SHIM_CHECK;
+    }
 
     /*
      * Step 1:
@@ -452,6 +464,7 @@ STATIC EFI_STATUS EFIAPI Security2PolicyAuth
     }
 
 
+SHIM_CHECK:
     /*
      * Step 2:
      * Use shim verify API.
@@ -546,11 +559,13 @@ STATIC VOID EFIAPI UnHookSecurityPolicy(VOID)
 
 STATIC VOID EFIAPI VtoyByPassSB(VOID)
 {
+    gPolicySetFlag = TRUE;
     gVtoyByPassSB = TRUE;
 }
 
 STATIC VOID EFIAPI VtoyCheckSB(VOID)
 {
+    gPolicySetFlag = TRUE;
     gVtoyByPassSB = FALSE;
 }
 
@@ -693,6 +708,7 @@ STATIC EFI_STATUS EFIAPI ShimEfiMain
         goto END;
     }
 
+
     /* Finally launch Ventoy grub */
     Status = LaunchRealGrub(ImageHandle, REAL_GRUB_FILE);
     if (EFI_ERROR(Status))
@@ -765,11 +781,16 @@ STATIC EFI_STATUS EFIAPI VtoyExitBootServices
     IN  UINTN       MapKey
 )
 {
+    EFI_EXIT_BOOT_SERVICES SysExitBS;
+
+    /* UnHookSystemService will set gSysExitBootServices NULL */
+    SysExitBS = gSysExitBootServices;
+
     UnHookSecurityPolicy();
     UnInstallVtoyShimProtocol();
     UnHookSystemService();
 
-    return gSysExitBootServices(ImageHandle, MapKey);
+    return SysExitBS(ImageHandle, MapKey);
 }
 
 STATIC VOID EFIAPI HookSystemService(VOID)
diff --git a/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.h b/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.h
index 7c7b6c2c..0d7021c6 100644
--- a/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.h
+++ b/EDK2/edk2_mod/edk2-edk2-stable201911/MdeModulePkg/Application/VtoyShim/VtoyShim.h
@@ -88,6 +88,7 @@ typedef VOID (*shim_void_func_pf)(VOID);
 #define VtoySleep(sec)      gBS->Stall(1000000 * (sec))
 #define vLog(fmt, ...)      VtoyLog(fmt "\r\n", ##__VA_ARGS__)
 #define vErr(fmt, ...)      VtoyLog(fmt "\r\n", ##__VA_ARGS__); VtoySleep(5)
+#define vDbg(fmt, ...)      VtoyLog(fmt "\r\n", ##__VA_ARGS__); VtoySleep(2)
 
 #define CheckFreePool(p) \
 do { \