On Thu 2019-02-28 15:11:45, Matthew Garrett wrote: > From: Josh Boyer <jwbo...@fedoraproject.org> > > There is currently no way to verify the resume image when returning > from hibernate. This might compromise the signed modules trust model, > so until we can work with signed hibernate images we disable it when the > kernel is locked down. > > Signed-off-by: Josh Boyer <jwbo...@fedoraproject.org> > Signed-off-by: David Howells <dhowe...@redhat.com> > Reviewed-by: "Lee, Chun-Yi" <j...@suse.com> > cc: linux...@vger.kernel.org
It would be good to cc hibernation maintainers here.
> ---
> kernel/power/hibernate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
> index abef759de7c8..802795becb88 100644
> --- a/kernel/power/hibernate.c
> +++ b/kernel/power/hibernate.c
> @@ -70,7 +70,7 @@ static const struct platform_hibernation_ops
> *hibernation_ops;
>
> bool hibernation_available(void)
> {
> - return (nohibernate == 0);
> + return nohibernate == 0 && !kernel_is_locked_down("Hibernation");
> }
>
> /**
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature
