[PATCH RFC] Add a lockdown_hibernate parameter

Kelvie Wong kelvie at kelvie.ca
Sat Nov 18 19:20:21 UTC 2023


Hello,

[sorry for the duplicate, had to re-send this as text/plain]

On Mon, 13 Nov 2023 at 20:01, Randy Dunlap <rdunlap at infradead.org> wrote:
>
> [add security & dhowells]
>
> On 11/13/23 18:23, Kelvie Wong wrote:
> > This allows the user to tell the kernel that they know better (namely,
> > they secured their swap properly), and that it can enable hibernation.
> >
> > I've been using this for about a year now, as it doesn't seem like
> > proper secure hibernation was going to be implemented back then, and
> > it's now been a year since I've been building my own kernels with this
> > patch, so getting this upstreamed would save some CO2 from me building
> > my own kernels every upgrade.
> >
> > Some other not-me users have also tested the patch:
> >
> > https://community.frame.work/t/guide-fedora-36-hibernation-with-enabled-secure-boot-and-full-disk-encryption-fde-decrypting-over-tpm2/25474/17
> > <snip>

Any comments on this patch? Or even a pulse (or a "this is a terrible
idea and it'll never be merged").

Or perhaps a "secure hibernate is on the way so we don't want this".

-- 
Kelvie



More information about the Linux-security-module-archive mailing list