Source: linux Severity: normal Dear maintainer(s), it seems that when Debian kernel images are booted under UEFI Secure Boot, they unconditionally enable kernel lockdown, which (among other things) unconditionally disables the ability to hibernate (suspend to disk).
While I understand the reasoning behind this is that the suspended image could be maliciously modified, this is not a concern for every user - e.g. in my case the system suspends to a LUKS-encrypted swap partition. Therefore I believe there should be a way for people to make use of Secure Boot's boot image integrity guarantees while preserving the ability to hibernate. Cheers, -- Anton Khirnov -- System Information: Debian Release: 13.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-debug'), (500, 'stable'), (400, 'unstable'), (300, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Kernel: Linux 6.16.3+deb14-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_CPU_OUT_OF_SPEC Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init)
