On Thu, Jun 4, 2020 at 11:58 AM stan via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > On Thu, 4 Jun 2020 10:13:59 -0600 > Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > > > Also, as it relates to authenticated encrypted hibernation images, the > > upstream proposal is that since hibernation images can exist anywhere, > > they should always be encrypted independently from swap, and therefore > > not depend on whether swap is encrypted or how. > > Just following the conversation for information purposes, but I have > questions. If systemd-boot were to be used as boot service, could the > hibernate image be written to /boot/efi in place of the kernel and > initramfs, or in parallel? Would systemd-boot be able to use it? Would > that satisfy the encrypted and signed requirements? No to all sadly. On Linux, neither GRUB or sd-boot directly consume the hibernation image to perform resume. Bootloader and firmware based hibernation resumption is found on Windows and macOS (there are many hibernation implementations on Windows). On Linux, this is a kernel feature, so the bootloader loads kernel and initramfs and boots normally; the kernel uses a kernel parameter hint(s) to discover the location of the hibernation image within swap. And voila. I think the kernel does have code to support Intel Rapid Start. This is a firmware based hibernation resume implementation, so first the firmware must support it. But honestly have no idea if it works exactly like it does on Windows. At least on Windows it requires a dedicated partition expressly for the hibernation image. And the firmware's Intel Rapid Start function is given a hint at hibernate time so i knows at next power on that it should resume from this hibernation image directly. Anyway, it would take work to build a generic implementation supported in either bootloader. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
