Public bug reported: My PC will not hibernate with 22.04 and secure boot enabled. Only workaround seems to be to disable secure boot, og do not hibernate. Unfortunately my PC is locked on secure boot from the IT department.
As disabling secure boot is the most useful workaround, I mark this as a security issue. I get these messages from the kernel sudo dmesg | grep lockdown [sudo] password for kfa: [ 0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7 [ 0.838074] Lockdown: swapper/0: hibernation is restricted; see man kernel_lockdown.7 [ 1.902562] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7 [ 4.290619] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7 I found a number of reports regarding this stating that it is not possible to sign the memory when swapping it to disk. Possibly it is solved in a later 5.19 kernel version, but 22.04 is on 5.15. I found a 5.17 kernel, but that did not solve the problem. It is not possible for me to try the latest 5.19 kernel, as it has to be signed to test this. An alternative could be a patch to the Ubuntu kernel, disabling this until a real solution is found. Here are some references to other sites mentioning the problem https://askubuntu.com/questions/1106105/hibernate-with-uefi-and-secure-boot-enabled https://unix.stackexchange.com/questions/591488/why-does-the-kernel-lockdown-prevent-hibernation/591493#591493 https://askubuntu.com/questions/1259538/lockdown-systemd-logind-hibernation-is-restricted-see-man-kernel-lockdown-7 ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: hibernation secure-boot ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1992154 Title: hibernation is restricted with secure boot Status in linux package in Ubuntu: New Bug description: My PC will not hibernate with 22.04 and secure boot enabled. Only workaround seems to be to disable secure boot, og do not hibernate. Unfortunately my PC is locked on secure boot from the IT department. As disabling secure boot is the most useful workaround, I mark this as a security issue. I get these messages from the kernel sudo dmesg | grep lockdown [sudo] password for kfa: [ 0.000000] Kernel is locked down from EFI Secure Boot mode; see man kernel_lockdown.7 [ 0.838074] Lockdown: swapper/0: hibernation is restricted; see man kernel_lockdown.7 [ 1.902562] Lockdown: systemd: /dev/mem,kmem,port is restricted; see man kernel_lockdown.7 [ 4.290619] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7 I found a number of reports regarding this stating that it is not possible to sign the memory when swapping it to disk. Possibly it is solved in a later 5.19 kernel version, but 22.04 is on 5.15. I found a 5.17 kernel, but that did not solve the problem. It is not possible for me to try the latest 5.19 kernel, as it has to be signed to test this. An alternative could be a patch to the Ubuntu kernel, disabling this until a real solution is found. Here are some references to other sites mentioning the problem https://askubuntu.com/questions/1106105/hibernate-with-uefi-and-secure-boot-enabled https://unix.stackexchange.com/questions/591488/why-does-the-kernel-lockdown-prevent-hibernation/591493#591493 https://askubuntu.com/questions/1259538/lockdown-systemd-logind-hibernation-is-restricted-see-man-kernel-lockdown-7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1992154/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
