Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7

Question

Few days back, I ran dmesg on my terminal to see this line Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7

Sometimes, as in the image below [attached], the kernel ring buffer only prints this line repeatedly!

What is this diagnostic message regarding, and what does it mean? What should I be doing if it is something that I should dealing with immediately?

Related: [Why does the kernel lockdown prevent hibernation?](https://unix.stackexchange.com/q/591488/86440) — Stephen Kitt, Jul 16 '20 at 11:31

score 2 · Answer 1 · edited Dec 16 '20 at 13:41

2

Have you tried following advice in the error message and actually reading "man kernel_lockdown.7"?

Let me quote:

Certain facilities are restricted... Unencrypted hibernation/suspend to swap are disallowed.

That's pretty much sums it up - enabling swap encryption should fix the problem.

edited Dec 16 '20 at 13:41

GAD3R

63,407
31
131
192

answered Dec 16 '20 at 11:16

Max

37
4

4

If you can reasonably assume that the OP isn't trying to hibernate their system every 4 seconds, this answer is not very helpful. I get the same message and I don't even have a swap partition. – Seth Robertson Apr 04 '21 at 21:11
3

In fact, on Ubuntu 20.04 there is no "kernel_lockdown.7" manpage. – James Jul 22 '21 at 04:37
@James [yes there is](https://man7.org/linux/man-pages/man7/kernel_lockdown.7.html), it just isn't included with some systems. – Nate T Jul 31 '21 at 03:58
2

@NateT It's not. [Ubuntu Bug Tracker](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1767971) is saying it's not available for 20.04 and trying to access it via [Ubuntu Manpage](http://manpages.ubuntu.com/manpages/focal/en/man7/kernel_lockdown.7.html) just boots back to 21.10, suggesting _it is not available_ as well :/ – James Aug 04 '21 at 02:17

score 2 · Answer 2 · answered Feb 11 '21 at 04:25

I came across this topic while trying to figure out how to lift the kernel lockdown with secureboot enabled.

https://unix.stackexchange.com/a/591493

The manpage gives false hope that encrypted hibernation would be supported in lockdown, but that’s currently not the case, and the real requirement appears to be signed hibernation images rather than (or presumably in addition to, depending on the lockdown mode) encrypted images.

With swap encryption enabled in ubuntu 18.04 on 5.3.0-70-generic and 5.4.0-65-generic, hibernation still does not work. After reading the twitter thread at the link provided, it seems to me that hibernate in secureboot is not supported.

Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7

2 Answers2