https://bugzilla.suse.com/show_bug.cgi?id=1208766 https://bugzilla.suse.com/show_bug.cgi?id=1208766#c16 --- Comment #16 from DaAwesome P <opensuse@perrynaseck.com> --- Overnight sleeping without hibernation on many laptops is practically unusable. Since hibernation signing seems to be quite far off upstream, would it be possible to implement a downstream patch to optionally allow hibernation in lockdown with a flag? The current workaround is to disable secure boot, but this creates an all-other-nothing security paradigm. A laptop user who may benefit from secure boot and the rest of the lockdown features may disable them in order to gain one feature. This is especially concerning because this feature used to be available and no longer is available (users will actively look for a solution). While an encrypted swap may not be as strong as a not-yet-implemented hibernation signing scheme, it is still better than disabling secure boot and lockdown altogether, which users are currently incentivized to do in order to hibernate their machines. Example patch: https://gist.github.com/kelvie/917d456cb572325aae8e3bd94a9c1350 This patch could be implemented as a signed package or be provided into the kernel as-is. This would be an additional kernel flag and would in no way be set as a default. Directing distro users to implement a kernel patch themselves is also not always the best solution because it circumvents a main advantage of distro-provided signed and updated kernel packages: timely important security patches. -- You are receiving this mail because: You are on the CC list for the bug.