I recently switched to Linux (Zorin OS) and I selected “use ZFS and encrypt” during installation. Now before I can log in it asks me “please unlock disk keystore-rpool” and I have to type in the encryption password it before I’m able to get to the login screen.
Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.
Also might TPM have anything to do with this?
EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks “aren’t secure against battering rams”. Normal people don’t need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.
It’s disappointing to see so many commentors arguing against you wanting to do this. Windows has it through bitlocker which is secured via the TPM as you know. Yes it can be bypassed, but it’s all about your threat level and effort into mitigating it.
I am currently using a TPM on my opensuse tumbleweed machine to auto unencrypt my drive during boot. What you want to do is possible, but not widely supported (yet). Unfortunately, the best I can do is point you to the section in the opensuse wiki that worked for me.
https://en.opensuse.org/SDB:Encrypted_root_file_system
If you scroll down on that page you’ll see the section about TPM support. I don’t know how well it will play with your OS. As always, back up all your files before messing with hard drive encryption. Best of luck!
Sums up about every thread asking how to do something on Linux, 30 different responses on how the OP is wrong and shouldn’t do it that way.
To be fair there are probably many different ways to solve the problem. I’m somewhat experienced with Linux and I’ve attempted seeing up TPM LUKS decryption on boot. It’s certainly not easy or at least wasn’t when I tried. For non experienced people it’s easier to just enter the password at boot and enable auto login. Then you get the security, software, ethics, or licensing debates that accompany most Linux discussions.
I mean it’s somewhat of a meme. But XY-Problems are super common. I also sometimes learned something new and that my approach wasn’t the best and I’m kinda experienced with Linux. It’s usually more the annoying and stupid people who don’t want to explain what they’re trying to achieve even if asked and insist on going with the path they’ve chosen without listening to advice… On the other hand it’s a balance. There are also nerds without social skills who don’t explain things well. But in my experience it’s frequently XY-Problems and the people asking for advice not listening.
Yeah, holy shit is this comment section toxic. Why are people downvoting for someone asking for help and not being a dick?
Is this whole community like this? Are the mods okay with this behavior?
Windows is no baseline for security lol
Thanks, Zorin is based on Ubuntu so I have to assume it will be up to date with stuff like TPM which is 15 years old. The data on the page you linked is pretty advanced for me but I’ll give it a shot. Appreciate you addressing my question.
Ubuntu isn’t really on the cutting edge, so I’m not sure how well its going to work. Opensuse tumbleweed is running pretty much the latest everything, so its possible youll need to wait until the next Ubuntu lts
This is also what I would recommend and is most similar to the windows experience