I recently switched to Linux (Zorin OS) and I selected “use ZFS and encrypt” during installation. Now before I can log in it asks me “please unlock disk keystore-rpool” and I have to type in the encryption password it before I’m able to get to the login screen.
Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.
Also might TPM have anything to do with this?
EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks “aren’t secure against battering rams”. Normal people don’t need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.
The common way to do it with LUKS2 and TPM as detailed on the Arch wiki. Not sure if that’ll apply at all to ZFS and Zorin though
It is less secure though. What I do is set my computer to log in on start and I set up fingerprint auth. So I only need to login once on startup with the drive decryption.
Here’s a reddit post on using clevis, TPM, and ZFS to decrypt.
You should also know that if you’re mobo dies so does your data.
Dead motherboard is not an issue. LUKS supports multiple decryption key slots, you just set up the TPM as one of them. The fallback mode is you have you enter the password twice again.
Ah, good to know.