And its something you want to do for security reasons anyway, since linux by default isn't encrypting swap partitions. Putting swap on an LUKs encrypted partition is a bit of a PITA but allows one to hibernate/resume without fear that ones private keys end up in plaintext stored on a disk.
And relevant to OP, you cannot hibernate on Linux with secure boot enabled, I think precisely because Linux doesn't know how to sign/encrypt the RAM dump (no idea how it's actually called)
Well, its an artificial limitation on secure boot in the Linux kernel pending some cleaups, and is fairly trivial to work around if your willing to comment out the line in question build your own kernel and sign it with a key of your own creation you have enrolled in the firmware.
The problem is less about linux being capable of encrypting/protecting the swap file and more around being able to assure that is true. So like many Linux kernel issues recently its less technical, more political.
So, as I mentioned previously its entirely possible with off the shelf distro's to enable encrypted swap, the average user just has to choose between hibernate, assuring the swap is secure, and secure boot. Its a bit irritating, but seems to be low priority as the focus seems to be on suspend or hibernate without secure boot.
Most (all?) linux filesystems work just fine against raw devices. They are simply unaware of the difference. The larger problem is firmware trying to find partition tables/etc in the middle of a filesytem, but even then its mostly a non issue because random data doesn't tend to look like partition tables or MBRs.
The only snag is swap, which I don't believe can be on a subvolume.
vgchange is a struggle for me, from the first time I saw it in HP-UX.