So, now one can have unencrypted swap with an encrypted hibernation memory dump AND some unencrypted swapped memory? (;

I had a Linux computer once that could hibernate. I think it was some time around 2012. I enjoyed it.
Nowadays, even Windows machines often fail to hibernate properly for me.

Shall we throw in encryption? Yeah why not?

So it could be even more likely to freeze? Actually I don't really know. What I do know is this, if you switch off your system via power strip while hibernating it can cause multiple UEFI boot failures until the UEFI's memory buffer is finally flushed with other data via OS loading after entering UEFI and not saving to UEFI. In some cases one would need to load UEFI system settings defaults depending on the UEFI. I saw this happen with Manjaro until I disabled it's power utilities. I have never been a fan of hibernate.

Now what I did is stupid but I needed sleep bad and fell asleep in front of the hibernating system after install, and I just said forget it! Flick! Time to crash lol! Thats one way of congesting a UEFI and temporarily bricking your system via turning it off the wrong way.

Freezes on hibernation resume are likely due to buggy drivers or a misconfigured system (not resuming because you forgot to include resume=... in the command line, for example.

I didn't read the announcement in detail, but this likely sits at least one layer above block devices drivers, so I think it is unlikely to cause more crashes (once it has stabilized enough).

The hard thing with device drivers is the number of possible combinations. This shouldn't be the case here, as far as I know (unless it could expose another problem in a troublesome driver, which I doubt is possible).

So far, so good. Now, are there any ways to encrypt hard disk during suspend (and fetch keys from the tpm when resuming, or something like this)?

I guess this post does not really apply for me but I did think it was interesting. I could see encrypting a system if you work for a company who does not want their idea stollen or you have lot's financial data on your system stored. I understand that encryption is a good idea but for someone that only makes music, graphics, games and studies technology I never have found a good reason to encrypt. I encrypted once using luks just to see what a system felt like encrypted, ended up doing a reinstall, for me I don't feel its needed nor is my thing. I am a lot more worried of corrupted data due to encryption than the added layer of security that encryption provides for partitions, and performance reasons as well.

Why don't you just encrypt your swap, too?

Sure, you can do full disk lvm encryption and have encrypted swap BUT
why are you encrypting your hibernation image specifically if it''s saved to encrypted swap? I read his post as pointing out that encrypted hibernation doesn't really make sense since you can either full disk encrypt and be secure or do any kind of "partly" encryption and not really be sure. As another random example, if you connect and encrypted harddrive to a insecure box and browse around then you'll get thumbnails on it in $HOME/.cache/thumbnails which somewhat indicate what's on the external drive. The fact that a encrypted hibernation image doesn't help all that much if there's unencrypted memory in your swap is a valid point and one worth considering.

A small personal story worth thinking about: some guy bought a minor amount (like $200 worth) of BTC from me and paid with some kind of fraud bank account in 2013. I found out in 2015 when some criminal policemen broke into my home and stole some computer equipment and confiscated other equipment (=listed it as "evidence" and I got it back, unlike the things they outright stole). You don't have to do anything illegal ever to experience what it's like to have criminals going through all your files. Doesn't matter that they find nothing illegal, it's still very creepy. It's best to have everything encrypted.

Just my two cents:

• You can have an encrypted swap without a full disk encryption; in fact, it is quite easy and straightforward to configure it.
• What is the use case of all this? To ensure that no plain text gets written to disk, either by swapping or hibernating, and nothing gets left behind after a shutdown. Yes, you can have apps like GNOME's thumbnailer spilling the beans; but apps like a password manager should be safe under this scenario. Or you could have a virtual machine configured with full disk encryption for all your sensitive info and apps, and hibernation or swapping on the host machine will not write any unencrypted data to disk.