Just got my fw13 amd, trying to setup full disk encryption.
Does anyone have any success with hardware encryption of SED (self encrypted drive) and S2 idle suspend?
Currently, after waking up from suspend with storage password enabled, system crashes.
Context:
I want to have ubuntu installed on internal drive and windows installed on storage expansion. So far, I’ve setup ubuntu with LUKS software encryption and windows to go, and can switch between both OS’es with no issues.
Because
windows is known to mess up with bootloader partitions,
code from windows can read and modify initrd img, which is unencrypted and not verified at boot time
if I enable hardware encryption and choose not to decrypt it at boot, I can boot into secondary OS without it being able to modify initrd in meaningful way.
Educated guess on where the issue is - can you turn off IOMMU for Linux or put it in passthrough and s2idle works? Try them separately. amd_iommu=off or iommu=pt on the kernel command line.
I’ve since switched to another setup to encrypt /boot and not use hardware encryption.
For those who wonder, I did try turn off IOMMU via grub kernel parameter & I’ve also ran update-grub after that. But s2idle still doesn’t work.
Thanks for suggestions anyways.
I tried it as soon as I upgraded to 3.05. However I see the same problem - with nvme password set in BIOS, system hangs on resume saying something like unable to access block device.
For context my specs is 7640u, 32gb crucial ram and samsung 990 pro ssd. Maybe a different ssd would behave differently…