Comment # 16 on bug 1208766 from DaAwesome P
Overnight sleeping without hibernation on many laptops is practically unusable.
Since hibernation signing seems to be quite far off upstream, would it be
possible to implement a downstream patch to optionally allow hibernation in
lockdown with a flag?

The current workaround is to disable secure boot, but this creates an
all-or-nothing security paradigm. A laptop user who may benefit from secure
boot and the rest of the lockdown features may disable them in order to gain
one feature. This is especially concerning because this feature used to be
available and no longer is available (users will actively look for a solution).

While an encrypted swap may not be as strong as a not-yet-implemented
hibernation signing scheme, it is still better than disabling secure boot and
lockdown altogether, which users are currently incentivized to do in order to
hibernate their machines.

Example patch: https://gist.github.com/kelvie/917d456cb572325aae8e3bd94a9c1350

This patch could be implemented as a signed package or be provided into the
kernel as-is. This would be an additional kernel flag and would in no way be
set as a default.

Directing distro users to implement a kernel patch themselves is also not
always the best solution because it circumvents a main advantage of
distro-provided signed and updated kernel packages: timely important security
patches.

