Bug 869642

Summary: kernel: resume from disk must be disabled in Secure Boot mode
Product: [Fedora] Fedora Reporter: Florian Weimer <fweimer>
Component: kernelAssignee: Josh Boyer <jwboyer>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: gansalmon, itamar, jfeeney, jonathan, kernel-maint, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-01 19:41:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 869613    
Attachments:
Description Flags
disable hibernate in sb environment
none
disable hibernate in sb environment v2 none

Description Florian Weimer 2012-10-24 13:22:29 UTC 
There is no way we can validate that the data from a hibernated image stems from a trusted execution, so we cannot support hibernate-to-disk in Secure Boot mode.  (Technically, suspend-to-disk is fine, but resuming from disk is not.)
Comment 1 Josh Boyer 2012-10-24 13:24:10 UTC 
Right.  I'll get a patch added for it in a bit.
Comment 2 Josh Boyer 2012-10-26 18:57:38 UTC 
Created attachment 634010 [details]
disable hibernate in sb environment

This should be sufficient.  Note, it's clearly based on the other secure boot patches we're carrying in Fedora.
Comment 3 Josh Boyer 2012-10-31 17:35:30 UTC 
Created attachment 636264 [details]
disable hibernate in sb environment v2

Updated to include swsusp after feedback from Jiri Kosina.
Comment 4 Josh Boyer 2013-04-01 19:41:57 UTC 
This has been fixed for some time now.