https://bugzilla.suse.com/show_bug.cgi?id=1208766 https://bugzilla.suse.com/show_bug.cgi?id=1208766#c17 --- Comment #17 from Frank Krüger <fkrueger@mailbox.org> --- (In reply to Joey Lee from comment #12)

(In reply to Joey Lee from comment #3)

...

After the Tumbleweed kernel be locked down, the only way for using hibernation is disabled EFI secure boot. User can use UEFI firmware UI to disable secure boot, or using mokutil to disable validation from shim layer:

mokutil --disable-validation

On the other hand, upstream is working on a solution with TPM2:

[PATCH v5 00/11] Encrypted Hibernation https://lkml.org/lkml/2022/11/11/1229

Evan's patch set is developed to v5. Then he got suggestions about the security of PCR23. His idea is following:

[PATCH v5 01/11] tpm: Add support for in-kernel resetting of PCRs Evan Green https://lore.kernel.org/lkml/20221111151451.v5.7. Ifff11e11797a1bde0297577ecb2f7ebb3f9e2b04@changeid/T/ #m77aa6045cae41786c7d831ca7a99f519961e1891

Is there a solution within sight regarding hibernation with the lockdown kernel, when secure boot is enabled? Thx. -- You are receiving this mail because: You are on the CC list for the bug.