[RESPONDED] FW13 AMD - SED with S2idle?


Just got my fw13 amd, trying to setup full disk encryption.
Does anyone have any success with hardware encryption of SED (self encrypted drive) and S2 idle suspend?
Currently, after waking up from suspend with storage password enabled, system crashes.

I want to have ubuntu installed on internal drive and windows installed on storage expansion. So far, I’ve setup ubuntu with LUKS software encryption and windows to go, and can switch between both OS’es with no issues.

  1. windows is known to mess up with bootloader partitions,
  2. code from windows can read and modify initrd img, which is unencrypted and not verified at boot time
    if I enable hardware encryption and choose not to decrypt it at boot, I can boot into secondary OS without it being able to modify initrd in meaningful way.

Educated guess on where the issue is - can you turn off IOMMU for Linux or put it in passthrough and s2idle works? Try them separately.
amd_iommu=off or iommu=pt on the kernel command line.

1 Like

What configuration of Framework 13 did you purchase or build?

HI Zach,

Mario’s advice is a place to test from, but do note we do not test or recommend anything outside of LUKS at this time - this includes SED.

That said, testing the parameters Mario suggested may give you a jumping off point from which to test from.

I’ve since switched to another setup to encrypt /boot and not use hardware encryption.
For those who wonder, I did try turn off IOMMU via grub kernel parameter & I’ve also ran update-grub after that. But s2idle still doesn’t work.
Thanks for suggestions anyways.