Summary is that I use full-disk encryption (FDE) and use the TPM to decrypt the swap, and use full lockdown mode with a kernel patched to allow hibernation.
Suspend-then-hibernate (in my opinion) is a must-have feature for a laptop that goes in a backpack -- if I close my laptop's lid and put it in my backpack, I expect it to both not overheat, and to have some amount of battery left regardless of when I decide to take it out again.
Anyway, does anyone have it working well, or any other tips?
One thing I've been toying with is using a systemd script to drop the filesystem caches before hibernating to have it resume faster.
That's something over which I used to be very jealous of Windows laptops đ But that was years ago...now my aging 3.2kg ThinkPad is just a "stationery" workstation!
I am not sure if we are discussing hibernation for encrypted systems only, and I do not know what special provisions are needed for that, but for anyone curious, here is what I do on my own machine (not encrypted) per my own notes for setting up Arch, with a swap file rather than a swap partition, and rEFInd as the boot manager (the same kernel params could probably be used in Grub too, though):
I am currently back to running EndeavourOS after PopOS had severe issue running.
Hibernate/sleep out of the box seems to function just fine on my desktop. Iâm running a Ryzen 3600, Nvidia RTX 2060, 32GB ddr4 21xx.
It is setup to lock itself after about ten minutes. Then if no activity for an hour will go into sleep/hibernate. Mouse will not wake it but keyboard works fine and Iâm back to login within 10s or so.