[Bug 1228224] 'Sleep verb "hibernate" not supported' with secure boot + encrypted swap
https://bugzilla.suse.com/show_bug.cgi?id=1228224

https://bugzilla.suse.com/show_bug.cgi?id=1228224#c4

--- Comment #4 from Alexander Krupp <obs@akr.yagii.de> ---

After reading up I understand now that the EFI secret key is meant to be provided in a "confidential computing" scenario, including certain hardware measures with a focus on trusted cloud computing. I am not an expert in this area, however, I am wondering if this feature could be exploited somehow in a UEFI secure boot setting?

I cannot accept the reasoning given by some people that the battery backed suspend states (even if they last for a month) are a sufficient replacement for hibernation. This argument is IMHO based on purely anecdotal evidence and personal work style. Hibernation has several advantages, like, e.g., being able to replace a battery in mid-work with laptops that have a removable one, or being able to "suspend" when being troubled with a broken battery.

Meanwhile, at least for laptop users, it would be nice to have the option of running an officially signed kernel without hibernation lockdown. My reasoning in bug 1208766 comment 23 may be flawed and it possibly reiterates internal discussions at openSUSE, however, I would prefer such a line of argumentation to be taken into consideration before I start to compile and sign my personal kernel flavor just to be able to upgrade to a security and usability level comparable to a well known commercial OS vendor.

I have encrypted hibernation with TPM support, secure boot, kernel lockdown working on 15.5 and would very much hesitate to dispense with these features.

--
You are receiving this mail because:
You are the assignee for the bug.