I recently switched to Linux (Zorin OS) and I selected “use ZFS and encrypt” during installation. Now before I can log in it asks me “please unlock disk keystore-rpool” and I have to type in the encryption password it before I’m able to get to the login screen.

Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.

Also might TPM have anything to do with this?

EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks “aren’t secure against battering rams”. Normal people don’t need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.

  • SethranKada
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    I think people are misunderstanding the whole point of drive encryption. It’s so that if the drive is stolen or lost, you don’t have to worry about it as much. I personally don’t see any benefit in doing this if I have to enter a password every time I plug the damn thing in. If you’re concerned about somebody stealing your laptop or desktop, the disk-encryption should be the least of your worries.

    To the OC; if you happen to use GNOME, then check out the settings in the DISKS app. It has auto-unlock options in the per-drive settings. I long ago configured it so my USB is auto-unlocked upon being plugged in. Though after several system resets and such whatever I did to do that seems to no longer be visible in the GUI, I know that’s how I set it up in the first place.

    • Jediwan@lemy.lolOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      9 months ago

      To the OC; if you happen to use GNOME, then check out the settings in the DISKS app. It has auto-unlock options in the per-drive settings.

      Thanks so much!

      EDIT: This didn’t work

      • SethranKada
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        Is the setting missing? Or is the setting just not working properly? My laptop has the option greyed out and stuck in the “enabled” setting. I’m not sure how much help I’ll be, but I can try?

    • PainInTheAES@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      9 months ago

      They do understand the point. The problem is that if you use TPM to unlock on boot it is slightly self defeating. Now the attacker has access to your display manager or TTY. They can guess passwords, try to bypass the biometric checks, or find an exploit. But that does indicate a higher tech level that your average thief.

      • Jediwan@lemy.lolOP
        link
        fedilink
        arrow-up
        5
        ·
        9 months ago

        I appreciate the concern but odds are if someone is stealing my PC its not going to be a 1337 hax0r. I am not keeping government docs on here I just don’t want someone to be able to rip out the HDD and have easy access to everything.