[RFC PATCH 3/3] PM: hibernate: document encrypted snapshot seed ABI
From: Sean Rhodes
Date: Mon Jul 13 2026 - 11:45:20 EST
Document the write-only snapshot_seed sysfs file and update the userspace
snapshot interface text to describe the opaque wrapped-key flow used by
encrypted hibernation.
Tested with a final-tree W=1 object build of kernel/power/snapenc.o,
kernel/power/hibernate.o, and kernel/power/user.o.
Signed-off-by: Sean Rhodes <sean@starlabs.systems>
---
Documentation/ABI/testing/sysfs-power | 14 ++++++++++++++
Documentation/power/userland-swsusp.rst | 15 +++++++++------
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Documentation/ABI/testing/sysfs-power b/Documentation/ABI/testing/sysfs-power
index d38da077905a..57f6063ef88c 100644
--- a/Documentation/ABI/testing/sysfs-power
+++ b/Documentation/ABI/testing/sysfs-power
@@ -470,3 +470,17 @@ Description:
Minimum value: 1
Default value: 3
+
+What: /sys/power/snapshot_seed
+Date: July 2026
+Contact: linux-pm@xxxxxxxxxxxxxxx
+Description:
+ Write-only file present when CONFIG_ENCRYPTED_HIBERNATION=y.
+
+ Trusted early userspace writes a 32-byte seed, encoded as
+ 64 hexadecimal characters plus an optional newline, before
+ enabling encrypted userspace hibernation snapshots.
+
+ The first successful write locks the seed until the next boot.
+ Writing the same seed again succeeds. Writing a different seed
+ fails with EPERM.
diff --git a/Documentation/power/userland-swsusp.rst b/Documentation/power/userland-swsusp.rst
index 282e01d2fe61..777518ac591d 100644
--- a/Documentation/power/userland-swsusp.rst
+++ b/Documentation/power/userland-swsusp.rst
@@ -116,12 +116,15 @@ SNAPSHOT_S2RAM
its state on the basis of the saved suspend image otherwise)
SNAPSHOT_ENABLE_ENCRYPTION
- Enables encryption of the hibernate image within the kernel. Upon suspend
- (ie when the snapshot device was opened for reading), returns a blob
- representing the random encryption key the kernel created to encrypt the
- hibernate image with. Upon resume (ie when the snapshot device was opened
- for writing), receives a blob from usermode containing the key material
- previously returned during hibernate.
+ Enables encryption of the hibernate image within the kernel. Trusted
+ early userspace must write the 32-byte snapshot encryption seed to
+ /sys/power/snapshot_seed before calling this ioctl. Upon suspend
+ (ie when the snapshot device was opened for reading), this ioctl returns
+ an opaque wrapped key blob and the starting nonce. Upon resume (ie when
+ the snapshot device was opened for writing), this ioctl receives the
+ same blob and nonce from usermode after the same seed has been written
+ to /sys/power/snapshot_seed. The plaintext image key is generated and
+ unwrapped inside the kernel.
SNAPSHOT_SET_USER_KEY
Mixes additional user key material into the data portion of an encrypted
--
2.53.0