hibernate: Disable when the kernel is locked down

There is currently no way to verify the resume image when returning
from hibernate.  This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it when the
kernel is locked down.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0047-hibernate-Disable-when-the-kernel-is-locked-down.patch

diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index a8b978c35a6a9392c3d4721e12f68c9794ac620b..50cca5dcb62fdb792b32448c56f76f01e2278482 100644 (file)
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
 
 bool hibernation_available(void)
 {
-       return (nohibernate == 0);
+       return nohibernate == 0 && !kernel_is_locked_down();
 }
 
 /**