> The answer seems to be to install with LVM and encryption. That ensures > that the swap area is encrypted and *cannot* be messed with while the > device is hibernated (which is the rationale for Secure Boot not allowing > hibernation to a "naked" swap partition).
How does UEFI know about Debian's swap and how does it know whether
it's encrypted?
Stefan
