Comment # 4 on bug 1228224 from Alexander Krupp

After reading up I understand now, that the efi secret key is meant to be
provided in a "confidential computing" scenario, including certain hardware
measures with a focus on trusted cloud computing. I am not an expert in this
area, however, I am wondering if this feature could be exploited somehow in a
UEFI secure boot setting? 

I can not accept the reasoning given by some people, that the battery backed
suspend states (even if they last for a month) are a sufficient replacement for
hibernation. This argument is IMHO based on purely anecdotal evidence and
personal work style. Hibernation has several advantages, like, e.g., being able
to replace a battery in mid-work with laptops that have a removable one, or,
being able to "suspend" when being troubled with a broken battery. 

Meanwhile, at least for laptop users, it would be nice to have the option of
running an officially signed kernel without hibernation lockdown. 

My reasoning in bug 1208766 comment 23 may be flawed and it possibly reiterates
internal discussions at OpenSuSE, however, I would prefer such line of
argumentation to be taken into consideration before I start to compile, and,
sign my personal kernel flavor just to be able to upgrade to a security and
usability level comparable to a well known commercial OS vendor. 

I have encrypted hibernation with TPM support, secure boot, kernel lockdown
working on 15.5 and would very much hesitate to dispense with these features.