July 2, 2026

Sleep mode, but make it scandal

Since Linux 6.9, LUKS suspend stopped wiping disk-encryption keys from memory

Your laptop thought it was locked on sleep — commenters say “just shut it down”

TLDR: A Linux bug meant some laptops didn’t fully lock their encrypted drives when put to sleep, leaving a secret key in memory until a new fix landed. Commenters turned it into a full-on fight over whether users should shut down, hibernate, or stop blaming people for wanting convenience.

A nasty security surprise just dropped: for more than two years, some Linux laptops using full-disk encryption — basically a feature that scrambles your files so thieves can’t read them — were not fully locking on sleep the way users believed. The machine looked protected when it went into suspend mode, but the secret unlocking key could still stay in memory. Translation: if someone got hold of your still-powered laptop, the protection wasn’t doing the job people thought it was. The fix? Wildly, one line of code — plus new tests and warnings so this kind of silent failure is harder to miss again.

But the real fireworks were in the comments, where the community instantly split into camps. One side came in hot with the classic “I shut down my machine anyway” flex, with one commenter basically declaring suspend on Linux a “crapshoot.” The pushback was immediate: others mocked that attitude with the digital equivalent of “you’re holding it wrong,” turning the thread into a mini blame-the-user circus. Then came the relatable crowd: people admitting they’re too lazy to fully shut down because reopening everything is annoying. Honestly? That may be the most universally human take in the whole discussion.

There was also a practical debate over sleep versus hibernation: keep things in memory for convenience, or wipe memory and re-enter your password for safety. The mood was part alarm, part nerd rage, part weary comedy: how many people trusted a lock that wasn’t really locking?

Key Points

  • The article says that since Linux 6.9, the tool used to lock an encrypted laptop drive on suspend had been silently failing.
  • As a result, the LUKS disk-encryption key reportedly remained in memory across suspend instead of being wiped.
  • The article states that full shutdown still cleared the protection issue, but suspend did not.
  • The cause is described as an unintended interaction introduced by a Linux kernel refactoring.
  • The author reports a one-line fix, an automated regression test, and a separate patch to warn instead of failing silently.

Hottest takes

"suspend is still a crapshoot on linux" — bwat49
"you're holding the phone the wrong way" — ekunazanu
"I am too lazy for that" — codedokode
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.