From 41027153f4f057d30950e5aa58ca4661f936a06d Mon Sep 17 00:00:00 2001 From: Chris Murphy Date: May 28 2020 18:27:36 +0000 Subject: First draft. --- diff --git a/hibernationstatus.md b/hibernationstatus.md new file mode 100644 index 0000000..238d7f5 --- /dev/null +++ b/hibernationstatus.md @@ -0,0 +1,82 @@ +# Supporting hibernation in Workstation ed., draft 1 + +2020-05-28 + +**Synopsis:** The Fedora Workstation working group recognizes hibernation can be useful, but due to impediments it's currently not practical to support it. This is a recognition of the current state of affairs, but the working group wishes hibernation could be relied upon, and thinks there is a viable approach for limited support of hibernation in the future. We encourage interested parties to pursue the needed improvements. In the meantime, Workstation Edition won't be constrained by the current status. There are desired enhancements to performance and security that are hindered by the status quo. The working group will re-evaluate when the significant impediments have been adequately addressed. + +We would like to see an install time means of enabling hibernation retained via Custom partitioning. If the user chooses to create a swap partition, the installer will include a resume=UUID kernel parameter hint so that the kernel can find the hibernation image. + +**Prior discussions in Fedora:** +- Support for hibernation 1/2: background and summary 2020-02-09 [1] +- Support for hibernation 2/2: questions 2020-02-09 [1] + +**Working hibernation is helpful:** +- less power consumption than S0 or S3; +- even if resume is slower than boot, it can be faster at restoring the user's prior working environment; +- avoids data loss in low battery situations, the alternative is power off or suspend-to-RAM followed by power off when the battery arrives at 0%, both of which are often abrupt. + +**Alternatives:** +- Windows and macOS favor Modern Standby and Power Nap, a.k.a. S0 low power idle [2]; +- Short waits, and cpuidle [3]; +- application autosave and recover statefulness. + +*Note 1:* These items are complementary to hibernation. But if fully developed they could be alternatives. Windows, macOS, Android, iOS, Chrome OS do such things, and either deemphasize hibernation or lack it entirely. + +*Note 2:* There is a pernicious problem with laptop batteries. As they age, they often won't tolerate load very well, leading to rapid discharge and very short or no notice before a compulsory power off. In such cases, even when the system is hibernation capable, hibernation can fail. Power can be lost during hibernation entry. There isn't much software can do to second guess the commonly confused state of aged batteries. + +**Current significant impediments:** +- UEFI Secure Boot is overwhelmingly present and enabled by default on new computers; +- kernel lockdown policy inhibits hibernation when Secure Boot is enabled; +- ACPI bugs can be transient and difficult to fix or work around; hibernation can mean data loss due to failed entry or exit; +- resource requirements for the permanent swap partition can be excessive, Anaconda history states the reason for the current swap partition size is to accommodate hibernation; +- large swap partition exacerbates performance problems in swap heavy workloads. + +**Necessary enhancements to hibernation:** +- signed and encrypted hibernation image [4]; + +**Nice to have enhancements to hibernation:** +- dynamic swapfiles created and enabled prior to hibernation entry [5]; +- single interface for determining the location of the hibernation image for all file systems [6] +- TPM2 support, or alternative, for storing the key(s) needed to resume. + + +[1] +https://lists.fedoraproject.org/archives/list/desktop@lists.fedoraproject.org/thread/V5MOCX23KU45J3WXUN6TCGEJYQLXQYUL/ +https://lists.fedoraproject.org/archives/list/desktop@lists.fedoraproject.org/thread/J2EG7DXIVSUV3ENXRSQYUFXWQXH56GNC/ +https://pagure.io/fedora-workstation/issue/121 +https://pagure.io/fedora-workstation/issue/120 + +[2] +low power idle in Linux +https://lwn.net/Articles/762132/ + +[3] +Short waits with umwait +https://lwn.net/Articles/790920/ +The pseudo cpuidle driver +https://lwn.net/Articles/820870/ + +[4] +It's not enough to encrypt swap because encryption alone provides no integrity. Even though there is an authentication component to the encryption, the image can't be said to be authentic -- as-in trustworthy. To provide the required trust and confidentiality, the hibernation image needs to be signed and encrypted. Joey Lee @ SUSE recently confirmed this is the latest status of that work: +https://lkml.org/lkml/2019/7/10/601 +This is the most central nugget that's needed to get to limited hibernation support. + +[5] +Developing this means hibernation could be enabled post-install, and more easily serve competing use cases. Use cases that don't need hibernation avoid the space wasted for a dedicated and unused swap partition. Use cases that need hibernation can be supported without a swap partition being created at install time. +https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/MML5MAKBFNEXBT67TCOVUWGFNOUDYUUP/ +https://pagure.io/fedora-workstation/issue/120#comment-618549 + +[6] +https://github.com/systemd/systemd/issues/11939#issuecomment-471684411 + + +Appendix + +Hibernation in the cloud +https://lwn.net/Articles/821158/ + +Article about Fedora 29 suspend-then-hibernate +https://lwn.net/Articles/764841/ + +hybrid-sleep vs suspend-then-hibernate +https://www.freedesktop.org/software/systemd/man/systemd-sleep.conf.html