Originally Posted by Tracy Tiger
When your system is powered back on from hibernate aren't the disks available without encryption (unlocked)?
When your laptop is stolen from your car in a hibernate state won't the disk data be available unencrypted when it is powered back on?
I'm sure several people on this forum (e.g., Alien Bob, Gazl) can explain the process better than I, but what I have observed is that the LUKS encryption password(s) have to be entered before the hibernated image is restored.
Hibernate completely powers off your system after saving everything to your (hopefully encrypted) swap file. When you turn the system back on, it starts with the normal boot process, loads the initrd, attempts to mount and open your root and and swap files. Because they are encrypted, you are prompted for your encryption password(s) to unlock them. It is only then that the hibernation is detected and the system begins to restore the image from swap.