In my systemd journal (journalctl) I often see this message:
hibernation is restricted; see man kernel_lockdown.7
This seems to stem from the kernel lockdown feature that (only?) is active when you boot in UEFI mode with secure boot enabled.
As far as I understand, this feature is supposed to prevent a program running in user space from modifying the kernel.
While I do understand that so far, I just don’t get one thing:
Why does the kernel lockdown disable that feature? Why does it disable hibernation altogether?
What exactly is “insecure” about hibernation that this is disabled?
It seems a locked down kernel does not want me to hibernate my device.
Linux kernel v5.6.15
Fedora 32 Silverblue
Cross-posted at Unix Stackexchange.