1
1
Fork 0

pygoscelis: Enable hibernation

This disables CONFIG_GENTOO_KERNEL_SELF_PROTECTION_COMMON by itself
and lockdown by choice as my system did not let me hibernate with
enabled lockdown, even though fwupdmgr recognized the encrypted swap.

For the decryption of swap I added a second rd.luks.uuid entry
aswell as resume=UUID=... - first one pointing to the outside LUKS
container, second one to the unlocked swap partition.

For now I have to enter passphrases for / and swap at boot and resume.
This commit is contained in:
Nils Freydank 2025-03-16 13:15:10 +01:00
parent dcf3711270
commit 9732dcbf8b
Signed by: nfr
GPG key ID: 0F1DEAB2D36AD112

View file

@ -531,10 +531,16 @@ CONFIG_ARCH_HAS_ADD_PAGES=y
#
# Power management and ACPI options
#
CONFIG_ARCH_HIBERNATION_HEADER=y
CONFIG_SUSPEND=y
CONFIG_SUSPEND_FREEZER=y
# CONFIG_SUSPEND_SKIP_SYNC is not set
# CONFIG_HIBERNATION is not set
CONFIG_HIBERNATE_CALLBACKS=y
CONFIG_HIBERNATION=y
# CONFIG_HIBERNATION_SNAPSHOT_DEV is not set
CONFIG_HIBERNATION_COMP_LZO=y
CONFIG_HIBERNATION_DEF_COMP="lzo"
CONFIG_PM_STD_PARTITION=""
CONFIG_PM_SLEEP=y
CONFIG_PM_SLEEP_SMP=y
CONFIG_PM_AUTOSLEEP=y
@ -6469,11 +6475,7 @@ CONFIG_FORTIFY_SOURCE=y
# CONFIG_SECURITY_LOADPIN is not set
CONFIG_SECURITY_YAMA=y
# CONFIG_SECURITY_SAFESETID is not set
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE is not set
CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
CONFIG_SECURITY_LANDLOCK=y
# CONFIG_INTEGRITY is not set
# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
@ -6650,7 +6652,7 @@ CONFIG_CRYPTO_CRC32=m
# Compression
#
CONFIG_CRYPTO_DEFLATE=m
CONFIG_CRYPTO_LZO=m
CONFIG_CRYPTO_LZO=y
# CONFIG_CRYPTO_842 is not set
# CONFIG_CRYPTO_LZ4 is not set
# CONFIG_CRYPTO_LZ4HC is not set
@ -7304,6 +7306,5 @@ CONFIG_GENTOO_LINUX_INIT_SYSTEMD=y
# end of Support for init systems, system and service managers
CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
# CONFIG_GENTOO_KERNEL_SELF_PROTECTION_COMMON is not set
CONFIG_GENTOO_PRINT_FIRMWARE_INFO=y
# end of Gentoo Linux