I think the real challenge here is for distro vendors to figure out how to provide a better user experience around this. There's no reason that the ephemeral key can't be stored in a sealed state that can be recovered as the machine wakes. There are obviously some security implications to this, but I think it's fair to say that a lot of users would prefer making that trade-off.
[1]: https://gist.github.com/RobFisher/abd9b2b9fca4194ac8df112715...
1. Create a swap file. Our rule of thumb is ram + sqrt(ram) for hibernate
fallocate -l 72GiB swapfile
chmod 600 swapfile
mkswap swapfile
swapon swapfile
swapon --show
2. emerge suspend
3. Get the number to use with resume_offset later. In the current case, it was 125798400
swap-offset /swapfile
emerge sys-boot/grub
grub-install --target=x86_64-efi --efi-directory=/boot
vim /boot/grub/grub.cfg
timeout=5
menuentry 'Gentoo Linux 5.18.19' {
root=hd0,1
insmod all_video
linux /kernel-5.18.19 root=/dev/mapper/root resume=/dev/mapper/root resume_offset=125798400
}
4. Fix suspend.conf
vim /etc/suspend.conf
resume device = /dev/mapper/root
resume offset = 125798400
5. Setup an initramfs
cd /usr/src
mkdir initramfs
cd initramfs
mkdir -p bin dev etc proc sys new-root
cp -a /dev/{null,console,tty} /usr/src/initramfs/dev/
cp -a /bin/busybox ./bin
cd bin
for i in `./busybox --list`
do
ln -s ./busybox $i
done
cd ..
cp -a /sbin/cryptsetup ./bin
mkdir -p ./run/cryptsetup
lddtree -l /sbin/cryptsetup
Copy in all of those files until the local cryptsetup works appropriately
vim init
#!/bin/sh
# Define a rescue shell
rescue_shell() {
echo "Error in boot process, dropping to a shell"
exec /bin/sh
}
# Mount our devices. We sleep prior to dev to hopefully finish loading.
mount -t proc none /proc
mount -t sysfs none /sys
sleep 2 && mount -t devtmpfs none /dev
# Decrypt the root partition
cryptsetup --allow-discards luksOpen /dev/nvme0n1p2 root || rescue_shell
# Attempt to resume (the kernel never returns from this write if an image is found)
printf '%u:%u\n' $(stat -L -c '0x%t 0x%T' /dev/mapper/root) > /sys/power/resume
# If we're not resuming, mount the new root
mount -o noatime,discard -t ext4 /dev/mapper/root /new-root
# Unmount (cleanup) our devices
umount /proc
umount /sys
umount /dev
# Hand off to the real init on the decrypted root
exec switch_root /new-root /sbin/init
6. Suspend should be working with:
echo shutdown > /sys/power/disk
echo disk > /sys/power/state
or preferably
loginctl hibernate
Anyway, there's a lot of missing detail in there, but the idea is that there's a swapfile inside the normal encrypted root partition. For me, I've enough RAM that I don't really use swap unless hibernating, so a swapfile versus a separate encrypted swap partition suffices.
Can you expand on this? Perhaps a URL with more detail?
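A consistency check for the offset step of the hibernation procedure above, added here as an editorial example (it is not code from the original post, from Gentoo, or from the suspend-utils project). It parses constructed `filefrag -v` output to derive resume_offset, confirms the filesystem block size equals the page size (assumed 4096, x86_64; resume_offset is counted in page-size units), and checks that grub.cfg and /etc/suspend.conf carry the same number; the sample inputs are constructed and reuse the offset from the post.

```python
import math
import re

# Assumption: x86_64 page size. resume_offset is counted in PAGE_SIZE units, so the
# filefrag physical_offset (filesystem blocks) only equals it when block size == page size.
PAGE_SIZE = 4096


def hibernate_swap_gib(ram_gib):
    """Rule of thumb from the post: swap = RAM + sqrt(RAM), rounded up to whole GiB."""
    return math.ceil(ram_gib + math.sqrt(ram_gib))


def parse_filefrag(text):
    """Parse `filefrag -v` output into (block_size, [(logical_start, physical_start, length), ...])."""
    size = re.search(r"\((\d+) blocks of (\d+) bytes\)", text)
    if not size:
        raise ValueError("no block-size line found in filefrag output")
    extents = []
    for line in text.splitlines():
        m = re.match(r"\s*\d+:\s*(\d+)\.\.\s*(\d+):\s*(\d+)\.\.\s*(\d+):\s*(\d+):", line)
        if m:
            extents.append((int(m.group(1)), int(m.group(3)), int(m.group(5))))
    if not extents:
        raise ValueError("no extents found in filefrag output")
    return int(size.group(2)), extents


def resume_offset_from_filefrag(text):
    """Derive resume_offset: the physical start of the extent holding logical block 0."""
    block_size, extents = parse_filefrag(text)
    if block_size != PAGE_SIZE:
        raise ValueError(f"fs block size {block_size} != page size {PAGE_SIZE}: offset would be wrong")
    logical0, physical0, _ = extents[0]
    if logical0 != 0:
        raise ValueError("first extent does not start at logical block 0 (sparse swapfile?)")
    return physical0


def offset_in_grub_cfg(text):
    """Pull resume_offset=N out of the kernel command line in grub.cfg; None if absent."""
    m = re.search(r"\bresume_offset=(\d+)", text)
    return int(m.group(1)) if m else None


def offset_in_suspend_conf(text):
    """Pull 'resume offset = N' out of /etc/suspend.conf; None if absent."""
    m = re.search(r"^\s*resume offset\s*=\s*(\d+)\s*$", text, re.MULTILINE)
    return int(m.group(1)) if m else None


def check_consistent(filefrag_text, grub_text, suspend_text):
    """Return (expected_offset, [names of configs whose offset disagrees with filefrag])."""
    want = resume_offset_from_filefrag(filefrag_text)
    found = {"grub.cfg": offset_in_grub_cfg(grub_text),
             "suspend.conf": offset_in_suspend_conf(suspend_text)}
    return want, [name for name, got in found.items() if got != want]


# Constructed sample inputs, shaped like the real tools' output, reusing the offset from the post.
FILEFRAG_SAMPLE = """\
Filesystem type is: ef53
File size of /swapfile is 77309411328 (18874368 blocks of 4096 bytes)
 ext:     logical_offset:        physical_offset: length:   expected: flags:
   0:        0..   32767:  125798400.. 125831167:  32768:
   1:    32768..   65535:  125831168.. 125863935:  32768:  125831168: last,eof
/swapfile: 2 extents found
"""
GRUB_SAMPLE = """\
menuentry 'Gentoo Linux 5.18.19' {
root=hd0,1
insmod all_video
linux /kernel-5.18.19 root=/dev/mapper/root resume=/dev/mapper/root resume_offset=125798400
}
"""
SUSPEND_CONF_SAMPLE = "resume device = /dev/mapper/root\nresume offset = 125798400\n"
# A stale config (swapfile recreated, config not updated): the check must flag it.
STALE_SUSPEND_CONF = "resume device = /dev/mapper/root\nresume offset = 123456789\n"

if __name__ == "__main__":
    print("swap for 64 GiB RAM:", hibernate_swap_gib(64), "GiB")
    print(check_consistent(FILEFRAG_SAMPLE, GRUB_SAMPLE, SUSPEND_CONF_SAMPLE))
    print(check_consistent(FILEFRAG_SAMPLE, GRUB_SAMPLE, STALE_SUSPEND_CONF))
```

Run it again whenever the swapfile is recreated or moved: the physical offset changes every time the file is reallocated, and a stale number in grub.cfg or suspend.conf points the kernel at the wrong blocks at resume time, so a hibernated session is simply lost.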
Battery life of a ThinkPad that supports Linux, with TLP installed and properly configured, will be very similar to Windows. And to address the FUD from the other reply to your question: AFAIK official Firefox builds for Linux use PGO as well; however, PGO has much less impact on battery life than the other commenter suggests.