於 二,2013-01-15 於 09:37 +0100,Oliver Neukum 提到:
On Tuesday 15 January 2013 13:58:49 Lee, Chun-Yi wrote:
From: Josh Boyer <jwboyer@redhat.com>
There is currently no way to verify the resume image when returning from hibernate. This might compromise the secure boot trust model, so until we can work with signed hibernate images we disable it in a Secure Boot environment.
Signed-off-by: Josh Boyer <jwboyer@redhat.com> Signed-off-by: Matthew Garrett <mjg@redhat.com> Acked-by: Lee, Chun-Yi <jlee@suse.com
@@ -723,7 +727,7 @@ static int software_resume(void) /* * If the user said "noresume".. bail out early. */ - if (noresume) + if (noresume || !capable(CAP_COMPROMISE_KERNEL)) return 0;
If this new code path is run,
1. we end up with a blocked swap partition 2. we leave an outdated image which would cause file system corruption if the user ever gets it to restore
Is this wise?
Regards Oliver
Did you mean the above situation will happen through the following procedure? + user boot system when disabled secure boot + boot to system then trigger S4 suspend -> generate S4 image + user go to BIOS to enable secure boot then boot + software_resume() detected secure boot enabled -> skip S4 image (equals to noresume paramter) But, if user use noresume will got the same problem? tracing more... Thanks a lot! Joey Lee -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org