Bug 1518473 - Secure Boot Breaks Hibernate and Hybrid Sleep
Summary: Secure Boot Breaks Hibernate and Hybrid Sleep
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 27
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2017-11-29 03:02 UTC by 陳鐸元
Modified: 2019-04-02 22:50 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-11-29 16:32:18 UTC
Type: Bug

Attachments (Terms of Use)

Description 陳鐸元 2017-11-29 03:02:46 UTC
Description of problem:
When Secure Boot is on, /sys/power/disk is disabled.
Thus, hibernate and hybrid-sleep won't work.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Turn on Secure Boot
2. systemctl hibernate or systemctl hybrid-sleep

Actual results:

systemctl hibernate 
Failed to hibernate system via logind: Sleep verb not supported

systemctl hybrid-sleep 
Failed to put system into hybrid sleep via logind: Sleep verb not supported

Expected results:
The system hibernates or hybrid sleeps

Additional info:

Comment 1 Laura Abbott 2017-11-29 16:32:18 UTC
This is intended behavior, per commit text on one of the patches

"There is currently no way to verify the resume image when returning
from hibernate.  This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it when the
kernel is locked down."

Comment 2 John Soros 2018-11-06 11:34:50 UTC
So what about the case when an OPAL hard disk is encrypted using the system firmware?

Note You need to log in before you can comment on or make changes to this bug.