Bug 869642 - kernel: resume from disk must be disabled in Secure Boot mode
Summary: kernel: resume from disk must be disabled in Secure Boot mode
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 18
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Josh Boyer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 869613
TreeView+ depends on / blocked
 
Reported: 2012-10-24 13:22 UTC by Florian Weimer
Modified: 2013-04-01 19:41 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-04-01 19:41:57 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
disable hibernate in sb environment (2.29 KB, text/plain)
2012-10-26 18:57 UTC, Josh Boyer 		no flags Details
disable hibernate in sb environment v2 (2.80 KB, text/plain)
2012-10-31 17:35 UTC, Josh Boyer 		no flags Details
Show Obsolete (1) View All

Description Florian Weimer 2012-10-24 13:22:29 UTC 
There is no way we can validate that the data from a hibernated image stems from a trusted execution, so we cannot support hibernate-to-disk in Secure Boot mode.  (Technically, suspend-to-disk is fine, but resuming from disk is not.)
Comment 1 Josh Boyer 2012-10-24 13:24:10 UTC 
Right.  I'll get a patch added for it in a bit.
Comment 2 Josh Boyer 2012-10-26 18:57:38 UTC 
Created attachment 634010 [details]
disable hibernate in sb environment

This should be sufficient.  Note, it's clearly based on the other secure boot patches we're carrying in Fedora.
Comment 3 Josh Boyer 2012-10-31 17:35:30 UTC 
Created attachment 636264 [details]
disable hibernate in sb environment v2

Updated to include swsusp after feedback from Jiri Kosina.
Comment 4 Josh Boyer 2013-04-01 19:41:57 UTC 
This has been fixed for some time now.
Note You need to log in before you can comment on or make changes to this bug.