Enabling Hibernation on Fedora 43

A complete guide to enable hibernation on Fedora 43 (Workstation) with UEFI and btrfs filesystem, including fixes for Secure Boot and SELinux issues.

Complete Command Reference

Run these commands in sequence to enable hibernation:

# Calculate swap size (RAM-based formula)
SWAPSIZE=$(free | awk '/Mem/ {x=$2/1024/1024; printf "%.0fG", (x<2 ? 2*x : x<8 ? 1.5*x : x) }')
SWAPFILE=/var/swap/swapfile

# Create btrfs subvolume and swap file
sudo btrfs subvolume create /var/swap
sudo btrfs filesystem mkswapfile --size $SWAPSIZE --uuid clear $SWAPFILE

# Enable swap file
echo $SWAPFILE none swap defaults 0 0 | sudo tee --append /etc/fstab
sudo swapon --all --verbose

# Configure dracut for resume
echo 'add_dracutmodules+=" resume "' | sudo tee /etc/dracut.conf.d/resume.conf
sudo dracut --force --verbose

# Fix SELinux permissions (critical!)
sudo semanage fcontext --add --type swapfile_t $SWAPFILE
sudo restorecon -RF /var/swap

# Test hibernation
sudo systemctl hibernate

Prerequisites

1. UEFI Boot Required

Verify your system uses UEFI:

bootctl

If this prints "Not booted with EFI", this method won't work.

2. Disable Secure Boot (Required)

Important: Hibernation requires Secure Boot to be disabled in BIOS/UEFI settings.

With Secure Boot enabled, you'll get:

Call to Hibernate failed: Sleep verb 'hibernate' is not configured or configuration is not supported by kernel

To disable: Reboot → BIOS/UEFI settings (F2/F10/F12/Del) → Security/Boot menu → Disable Secure Boot → Save and exit.

Why? Kernel lockdown (enabled with Secure Boot) prevents hibernation to unencrypted swap for security reasons.

Step-by-Step Explanation

Step 1: Create Swap File on btrfs

The command btrfs filesystem mkswapfile automatically:

• Disables copy-on-write (COW) for the swap file
• Creates the file with proper attributes
• Avoids the "swapfile must not be copy-on-write" error

Using standard mkswap will fail on btrfs without additional COW disabling steps.

Step 2: Enable Swap File

The swap file is added to /etc/fstab for persistence across reboots and activated immediately. Verify with swapon --show - you should see both your swap file and the existing zram device.

Step 3: Configure dracut

The --verbose flag is important - without it, dracut appears to hang with no output for 2-5 minutes. It shows progress and confirms the command is working.

Step 4: Fix SELinux Permissions

Critical step often missed! Without proper SELinux labeling, you'll get "Access denied" errors even when running as root. These commands tag the swap file with the swapfile_t type that SELinux expects.

Verification

Check System Status

# Verify swap is active
swapon --show

# Check security configuration
fwupdmgr security

# Verify SELinux context
ls -Z /var/swap/swapfile

Expected fwupdmgr security output:

✔ UEFI secure boot: Disabled
✘ Linux kernel lockdown: Disabled (expected for hibernation)
✘ Linux swap: Invalid (unencrypted swap present)

Troubleshooting

"Sleep verb 'hibernate' is not configured"

Cause: Secure Boot is still enabled
Solution: Disable Secure Boot in BIOS/UEFI settings

"Call to Hibernate failed: Access denied"

Cause: SELinux policy not configured
Solution: Run the SELinux commands from the reference above and verify with ls -Z /var/swap/swapfile (should show swapfile_t)

dracut Appears Stuck

Cause: No progress output by default (takes 2-5 minutes)
Solution: Use --verbose flag as shown in the command reference

"swapfile must not be copy-on-write"

Cause: Using standard mkswap instead of btrfs-specific command
Solution: Use btrfs filesystem mkswapfile as shown in the command reference

Additional Notes

• zram remains active: The existing zram swap device continues to work alongside the swap file. zram has higher priority for normal swap operations; the disk-based swap file is used primarily for hibernation.

• Swap file location: The swap file is in /var/swap/ as a separate btrfs subvolume, isolating it from snapshots.

• Suspend vs Hibernate:

  • Suspend: RAM stays powered, fast resume, drains battery slowly
  • Hibernate: RAM saved to disk, complete power off, slower resume, no battery drain
  • Suspend-then-hibernate: systemctl suspend-then-hibernate (suspends first, hibernates after timeout)

How It Works

On UEFI systems, hibernation uses a streamlined process:

1. systemd stores swap file location in a UEFI variable
2. System writes memory contents to swap file
3. Machine powers off completely
4. On boot, bootloader reads the UEFI variable
5. Kernel resumes from swap file location
6. Memory is restored and execution continues

This is simpler than legacy BIOS systems that required manual boot parameter configuration.

References and Documentation

Based on: Fedora Magazine - Update on hibernation in Fedora Workstation

Additional references:

• Arch Wiki - Dracut Hibernation
• btrfs Wiki - Swap File Support
• Forum post by Ben (January 28, 2025) - SELinux configuration fix

Key improvements over original article:

1. Uses btrfs filesystem mkswapfile instead of standard mkswap (avoids COW issues)
2. Includes SELinux configuration (prevents "Access denied" errors)
3. Documents Secure Boot requirement (must be disabled)
4. Uses --verbose flag for dracut (shows progress)
5. Complete troubleshooting section

Tested on: Fedora 43 Workstation, UEFI boot, btrfs filesystem
Last updated: February 2026

---

This guide is provided as-is for the community. Feel free to share, modify, and improve.