[Guide] Fedora 36+: Hibernation with enabled secure boot and full disk encryption (fde) decrypting over tpm2

Hey everyone, I’m the person that wrote the hibernation / lockdown mode patch for the kernel (did not know anyone else knew about it, I’ve only posted it to an obscure question on Stack Exchange), and have been using it by modifying the linux PKGBUILD on Arch for quite some time now.

It looks like it’s not just me that wants this, maybe we should take it up with the kernel devs on their mailing list?

5 Likes

@Kelvie - Thanks for your solution. It would be awesome if that feature would take place in a kernel! Just to know it, how would that work? ; )
But I found a Reddit post that describes why it shouldn’t be an activated feature for all:
https://www.reddit.com/r/Fedora/comments/r4a4so/interesting_fedora_does_not_support_hibernation/

2 Likes

@Kelvie, it would be awesome to have the patch in the official kernel, but I don’t know how to get it there, and I have a slight doubt whether it will get accepted, looking at the effort it needs to get it “working”.

At least some of these points shouldn’t matter anymore if you enabled encrypted ram which is possible with frame.work.

Btw, the patch is still working with kernel version 6.3.8! :raised_hands:

Yes, you are right. I meant it more in the sense that adding those kernel features seems unlikely, because they deliver to all devices.

Maybe a git repo with a pipeline that adds the needed stuff and bundles the kernel could be a good solution to run over time?

Just mentioning it, because it could be a little bit annoying to recompile and reconfigure hibernation from time to time…
PS.: At least my setup seems to need my attention again after the last patches… ; )

As an addition, check out this nice write-up for tpm2 decryption: https://community.frame.work/t/guide-setup-tpm2-autodecrypt

Just in case, I adapted the kernel patch to be compatible with kernel version 6.7.x: Enable hibernate during lockdown · GitHub

I’m a Fedora noob and would appreciate some help. I’m running into issues applying the patch to my current kernel (6.7.4-200). After finishing the wget, then the sed lines, and trying to run rpmbuild, it seems there are some errors introduced.
I get:

sam@fedora:~/rpmbuild/SPECS$ time rpmbuild -bb --with baseonly --without debuginfo --target=$arch kernel.spec | tee ~/build-kernel.log
error: parse error in expression:  0%{.fedora
error:                              ^
error: /home/sam/rpmbuild/SPECS/kernel.spec:99: bad %if condition:  0%{.fedora
Building target platforms: x86_64
Building for target x86_64

real	0m0.021s
user	0m0.011s
sys	0m0.011s

Looking at the original spec file it looks like a lot of the 0%{?fedora} lines are being mangled/changed, but I’m not knowledgeable enough to go through the whole spec and fix them myself. Am I doing something wrong?

I know I’m a bit late but I had the same problem and think I found the issue. The line:

sed -i "s/.$name/.$name\n%define pe_signing_cert $name/g" kernel.spec

causes many substitutions, which results in the error you’re seeing. If you run everything before that line, then instead run

sed -i "s/%define buildid \.$name/%define buildid .$name\n%define pe_signing_cert $name/g" kernel.spec

it works!

1 Like
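
Added example, not part of the thread or the guide: the two sed commands from the posts above, run over a small constructed spec fragment, with two counts that show whether the edit touched only the buildid line. It assumes `name` is `fedora` (the hostname in the prompt of the question) and GNU sed, which expands `\n` in the replacement; the fragment, function names and the `with_debug` line are made up for illustration.

```shell
#!/bin/sh
name=fedora  # assumption: $(hostname) is "fedora", as in the prompt shown above

# Constructed spec fragment for illustration, not the real kernel.spec.
make_spec() {
cat <<'EOF'
%define buildid .fedora
%if 0%{?fedora}
%define with_debug 0
%endif
Release: 300%{?dist}
EOF
}

# First command from the thread: the leading "." is a regex wildcard, so
# ".fedora" also matches "?fedora" inside every "%{?fedora}".
apply_loose() {
  sed "s/.$name/.$name\n%define pe_signing_cert $name/g"
}

# Second command from the thread: anchored on the buildid line, dot escaped.
apply_anchored() {
  sed "s/%define buildid \.$name/%define buildid .$name\n%define pe_signing_cert $name/g"
}

# Checks to run on the edited spec (read from stdin).
cert_lines()    { grep -c '^%define pe_signing_cert ' || true; }  # want exactly 1
fedora_macros() { grep -cF '%{?fedora}' || true; }                # want unchanged

report() {
  for variant in loose anchored; do
    out=$(make_spec | "apply_$variant")
    printf '%s: cert_lines=%s fedora_macros=%s\n' "$variant" \
      "$(printf '%s\n' "$out" | cert_lines)" \
      "$(printf '%s\n' "$out" | fedora_macros)"
  done
}

report
```

The same two counters can be fed the real file (`cert_lines < kernel.spec`) before calling rpmbuild: more than one `pe_signing_cert` line, or fewer `%{?fedora}` references than the untouched spec had, means the substitution over-matched.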

I’ll have to try this when I get a chance. Any idea if it works with Fedora 40?

I’m trying to set it up on Fedora 40. I started compiling, then stopped it, then found that it cleans the build directory every time I invoke the build command. Normally I’d start it building, run for a bit, get some other work done, run again, etc, but I can’t here so haven’t been able to let it fully build yet. Will let you know if it’s successful when I have time to run it.

Edit: for future reference, here’s the settings I’m using for Fedora 40:

export arch=x86_64
export ver=6.8
export minrel=7
export pkgrel=300
export subver=$minrel-$pkgrel
export fedver=fc40
export name=$(hostname)

Are kernel patches still required if rocking Fedora 40 on here? I went from an 11th gen i7 to amd 7840U and I wonder if some of the suggestions here still apply