Hibernation with kernel lockdown on luks+lvm swap

For three years now I've been using systemd-logind to handle idle and automatic hibernation. All worked well with my partition layout:

+----------------------------------------------+
| PART1: /boot/efi   | PART2: luks1            |
|                    +------------+------------+
|                    | LVM1:  /   | LVM2: SWAP |
+--------------------+------------+------------+

The system was using secure boot with the luks key within the encrypted initramfs (grub ask for the password). All went well and hibernation was working.

Since I updated to new LTS kernel and enabled the lockdown integrity feature, my hibernation isn't working anymore.

I've got these message in my logs:

Lockdown: swapper/0: hibernation is restricted; see kernel_lockdown.7
Lockdown: init: hibernation is restricted; see kernel_lockdown.7
Lockdown: systemd-logind: hibernation is restricted; see kernel_lockdown.7

I've checked what I've found online about it (because it seem man doesn't have a manpage for that specific entry).

https://www.mankier.com/7/kernel_lockdown

The only thing I've found is about the security of the swap partiton:

Unencrypted hibernation/suspend to swap are disallowed as the kernel image is saved to a medium that can then be accessed.

But my swap partition is encrypted so I don't see why it's not working. When systemd-logind try to put the system into hibernation, I've the last message (see above in the logs) before the system is shutdown.

Any advices ?

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by