On Tuesday 15 January 2013 10:11:29 Hannes Reinecke wrote:
On 01/15/2013 09:37 AM, Oliver Neukum wrote:
On Tuesday 15 January 2013 13:58:49 Lee, Chun-Yi wrote:
From: Josh Boyer <jwboyer@redhat.com>
There is currently no way to verify the resume image when returning from hibernate. This might compromise the secure boot trust model, so until we can work with signed hibernate images we disable it in a Secure Boot environment.
Signed-off-by: Josh Boyer <jwboyer@redhat.com> Signed-off-by: Matthew Garrett <mjg@redhat.com> Acked-by: Lee, Chun-Yi <jlee@suse.com
@@ -723,7 +727,7 @@ static int software_resume(void) /* * If the user said "noresume".. bail out early. */ - if (noresume) + if (noresume || !capable(CAP_COMPROMISE_KERNEL)) return 0;
If this new code path is run,
1. we end up with a blocked swap partition Blocked? How?
It lacks a valid swap signature.
2. we leave an outdated image which would cause file system corruption if the user ever gets it to restore
Hmm. We would only end up with an outdated image if the user switched to secure boot _while the system is hibernated_.
Or he transplanted a hard drive. Regards Oliver -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org