Ubuntu – 18.04 hibernate with UEFI and secure boot enabled

18.04hibernatesecure-bootuefi

"sudo systemctl start hibernate.target" worked fine with 16.04 on a Acer B117 using legacy boot; Updating to 18.04 forced me to use UEFI and (Acer requirement) secure boot enabled. Suspend still works, but I need hibernate.

Swap partition is active and equals RAM size + 2GB;

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=UUID=myswapuuid"

journalctl -xe revealed failure to access /sys/power/disk

cat /sys/power/disk: [disabled]

cat /sys/power/state: freeze mem

Any suggestions?

Best Answer

I have the same problem and, unfortunately, it's impossible with the official Ubuntu kernel since version 4.13 due to kernel lockdown patchset (efi-lockdown). Substantiation is:

There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down.

Related Bionic commit you can see here.

This is a controversial decision and Linus declined to merge these changes to linux kernel.

A bit more details you can find is the article Kernel lockdown in 4.17? and its comments.

So while we wait some magic software, that will work with signed hibernate images, we can only use another kernel or disable secure boot.

P.S. I'll be happy to upvote another answer if somebody solved this problem.

Related Solutions

Ubuntu – Ubuntu 14.04 single-boot with UEFI-mode enabled

If your motherboard fully supports UEFI mode, enable that. Then, make sure when selecting your flash drive, you boot into UEFI mode. To do this, I recommend using dd. To find your flash drive

sudo fdisk -l

Let's say it responds with

/dev/sda
/dev/sda1
250 gb
/dev/sdb
/dev/sdb1
14.9 gb

Then you would

dd bs=4M if=/path/to/Ubuntu.iso of=/dev/sdb

To further clarify,
bs=4m Is the base size of four megabytes, a number that I found to be fast and stable with my devices.
if=/path/to/Ubuntu.iso Input file, and then the path to the file. (Right click the file, click copy, and click the terminal and select 'Paste filenames'
of=/dev/sdb Output file (usb stick, should be discovered with sudo fdisk -l and selected based on size)

After successful boot in UEFI mode, install and make a ~100 mb partition and make it an 'EFI boot partition'. That should be it.

Ubuntu – Can not make hibernate on UEFI (Secure boot)

Apparently hibernation is disabled by design with secure boot, since modifying the stored memory content is a potential attack vector.

There seem to exist some kernel patches, which implement signed hibernate images

https://lwn.net/Articles/651274/

but I don't know whether there exist any usable packaged kernels for Ubuntu, which include those.

Best Answer

Related Solutions

Ubuntu – Ubuntu 14.04 single-boot with UEFI-mode enabled

Ubuntu – Can not make hibernate on UEFI (Secure boot)

Related Question