On Wed, Aug 21, 2024 at 7:35 AM Patrick O'Callaghan pocallaghan@gmail.com wrote:
I keep getting this in the journal:
Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7
and a glance at the man page reveals that hibernation and secure boot don't play nice unless the swap image filesystem is encrypted. My immediate reaction is to disable Secure Boot, but I'd like to know if there's an easy workaround, bearing in mind that my system is set to hibernate overnight and wake up automatically in the morning, without me having to type in a password.
Better security almost always adds inconveniences, so there are cost versus benefit tradeoffs and it is rare to have "easy" workarounds. A laptop that could be snatched by bad actors has different requirements than a server in a secure location. "Secure boot" is mostly theater until we have unified kernels, so ranks high on the cost/benefit scale.