Comment # 17 on bug 1208766 from Frank Krüger
(In reply to Joey Lee from comment #12)
> (In reply to Joey Lee from comment #3)
> > After the Tumbleweed kernel is locked down, the only way to use
> > hibernation is to disable EFI secure boot. Users can use the UEFI firmware UI to
> > disable secure boot, or use mokutil to disable validation from the shim layer:
> > 
> > mokutil --disable-validation
> > 
> > 
> > On the other hand, upstream is working on a solution with TPM2: 
> > 
> > [PATCH v5 00/11] Encrypted Hibernation
> > https://lkml.org/lkml/2022/11/11/1229
> 
> Evan's patch set has been developed to v5. Then he got suggestions about the
> security of PCR23. His idea is the following:
> 
> [PATCH v5 01/11] tpm: Add support for in-kernel resetting of PCRs Evan Green
> https://lore.kernel.org/lkml/20221111151451.v5.7.Ifff11e11797a1bde0297577ecb2f7ebb3f9e2b04@changeid/T/#m77aa6045cae41786c7d831ca7a99f519961e1891

Is there a solution within sight regarding hibernation with the lockdown
kernel, when secure boot is enabled? Thx.

