hibernate: Disable in a signed modules environment

There is currently no way to verify the resume image when returning
from hibernate.  This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>

diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index 690f78f210f2cf4ec9436c9f37a3bbf5eb876397..037303a1cba99ba1acf24a636a5de5fb6a555de1 100644 (file)
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -29,6 +29,7 @@
 #include <linux/ctype.h>
 #include <linux/genhd.h>
 #include <linux/ktime.h>
+#include <linux/module.h>
 #include <trace/events/power.h>
 
 #include "power.h"
@@ -66,7 +67,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
 
 bool hibernation_available(void)
 {
-       return (nohibernate == 0);
+       return ((nohibernate == 0) && !secure_modules());
 }
 
 /**