There is no way we can validate that the data from a hibernated image stems from a trusted execution, so we cannot support hibernate-to-disk in Secure Boot mode. (Technically, suspend-to-disk is fine, but resuming from disk is not.)
Right. I'll get a patch added for it in a bit.
Created attachment 634010 [details] disable hibernate in sb environment This should be sufficient. Note, it's clearly based on the other secure boot patches we're carrying in Fedora.
Created attachment 636264 [details] disable hibernate in sb environment v2 Updated to include swsusp after feedback from Jiri Kosina.
This has been fixed for some time now.