artiomchi · April 6, 2025 10:38
diff --git a/fedora-41-hibernate.patch b/fedora-41-hibernate.patch
 diff --color -rupN a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
 --- a/Documentation/admin-guide/kernel-parameters.txt	2025-03-28 21:04:59.000000000 +0000
 +++ b/Documentation/admin-guide/kernel-parameters.txt	2025-04-05 09:49:51.707327847 +0100
 @@ -3074,6 +3074,11 @@
 			to extract confidential information from the kernel
 			are also disabled.
 
 +	lockdown_hibernate	[HIBERNATION]
 +			Enable hibernation even if lockdown is enabled. Enable this only if
 +			your swap is encrypted and secured properly, as an attacker can
 +			modify the kernel offline during hibernation.
 +
 	locktorture.acq_writer_lim= [KNL]
 			Set the time limit in jiffies for a lock
 			acquisition.  Acquisitions exceeding this limit
 diff --color -rupN a/kernel/power/hibernate.c b/kernel/power/hibernate.c
 --- a/kernel/power/hibernate.c	2025-03-28 21:04:59.000000000 +0000
 +++ b/kernel/power/hibernate.c	2025-04-05 09:51:38.509738786 +0100
 @@ -37,6 +37,7 @@
 #include "power.h"
 
 
 +static int lockdown_hibernate;
 static int nocompress;
 static int noresume;
 static int nohibernate;
 @@ -92,7 +93,7 @@ void hibernate_release(void)
 bool hibernation_available(void)
 {
 	return nohibernate == 0 &&
 -		!security_locked_down(LOCKDOWN_HIBERNATION) &&
 +		(lockdown_hibernate || !security_locked_down(LOCKDOWN_HIBERNATION)) &&
 		!secretmem_active() && !cxl_mem_active();
 }
 
 @@ -1485,6 +1486,12 @@ module_param_cb(compressor, &hibernate_c
 MODULE_PARM_DESC(compressor,
 		 "Compression algorithm to be used with hibernation");
 
 +static int __init lockdown_hibernate_setup(char *str)
 +{
 +	lockdown_hibernate = 1;
 +	return 1;
 +}
 +
 __setup("noresume", noresume_setup);
 __setup("resume_offset=", resume_offset_setup);
 __setup("resume=", resume_setup);
 @@ -1492,3 +1499,4 @@ __setup("hibernate=", hibernate_setup);
 __setup("resumewait", resumewait_setup);
 __setup("resumedelay=", resumedelay_setup);
 __setup("nohibernate", nohibernate_setup);
 +__setup("lockdown_hibernate", lockdown_hibernate_setup);
	diff --color -rupN a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
	--- a/Documentation/admin-guide/kernel-parameters.txt 2025-03-28 21:04:59.000000000 +0000
	+++ b/Documentation/admin-guide/kernel-parameters.txt 2025-04-05 09:49:51.707327847 +0100
	@@ -3074,6 +3074,11 @@
	to extract confidential information from the kernel
	are also disabled.

	+ lockdown_hibernate [HIBERNATION]
	+ Enable hibernation even if lockdown is enabled. Enable this only if
	+ your swap is encrypted and secured properly, as an attacker can
	+ modify the kernel offline during hibernation.
	+
	locktorture.acq_writer_lim= [KNL]
	Set the time limit in jiffies for a lock
	acquisition. Acquisitions exceeding this limit
	diff --color -rupN a/kernel/power/hibernate.c b/kernel/power/hibernate.c
	--- a/kernel/power/hibernate.c 2025-03-28 21:04:59.000000000 +0000
	+++ b/kernel/power/hibernate.c 2025-04-05 09:51:38.509738786 +0100
	@@ -37,6 +37,7 @@
	#include "power.h"


	+static int lockdown_hibernate;
	static int nocompress;
	static int noresume;
	static int nohibernate;
	@@ -92,7 +93,7 @@ void hibernate_release(void)
	bool hibernation_available(void)
	{
	return nohibernate == 0 &&
	- !security_locked_down(LOCKDOWN_HIBERNATION) &&
	+ (lockdown_hibernate \|\| !security_locked_down(LOCKDOWN_HIBERNATION)) &&
	!secretmem_active() && !cxl_mem_active();
	}

	@@ -1485,6 +1486,12 @@ module_param_cb(compressor, &hibernate_c
	MODULE_PARM_DESC(compressor,
	"Compression algorithm to be used with hibernation");

	+static int __init lockdown_hibernate_setup(char *str)
	+{
	+ lockdown_hibernate = 1;
	+ return 1;
	+}
	+
	__setup("noresume", noresume_setup);
	__setup("resume_offset=", resume_offset_setup);
	__setup("resume=", resume_setup);
	@@ -1492,3 +1499,4 @@ __setup("hibernate=", hibernate_setup);
	__setup("resumewait", resumewait_setup);
	__setup("resumedelay=", resumedelay_setup);
	__setup("nohibernate", nohibernate_setup);
	+__setup("lockdown_hibernate", lockdown_hibernate_setup);
No results found