Linux Security Summit North America 2026

The Lockdown LSM is intended to ensure the integrity of all code in kernel space. Hibernation is a technology that allows the entire contents of RAM to be stored to disk and then later restored. What stops an attacker modifying the contents of the hibernation image, or providing their own hibernation image that contains malicious code, violating the design goals of Lockdown? The answer at the moment is "Lockdown disables hibernation", and everyone agrees that this is a bad answer. Let's fix that.

This presentation will describe the design and implementation of a patchset that allows hibernation images to be secured using hardware-backed keys, tied to system state in a way that prevents them being extracted and used to sign a malicious image. It will cover some of the corner cases and describe future work that would enable additional behavioural guarantees that are not part of the initial implementation. We will then discuss whether this is the right way of solving the problem, what alternatives there might be, and whether any of this is worth t at all.