Encrypted hard drive asking for password every time
Encrypted hard drive asking for password every time
I recently switched to Linux (Zorin OS) and I selected "use ZFS and encrypt" during installation. Now before I can log in it asks me "please unlock disk keystore-rpool" and I have to type in the encryption password it before I'm able to get to the login screen.
Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.
Also might TPM have anything to do with this?
EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks "aren't secure against battering rams". Normal people don't need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.
You're viewing a single thread.
I use partial disk encryption myself using luksCrypt but without the auto unlock, your comment on the crackhead stealing it doesn't help you in that scenario, you 1000% can tie a partition encryption or home directory encryption and have it automatically decrypt using either a USB drive or TPM but, as is with Windows and MacOS if your PC gets stolen, the drive will be unlocked automatically regardless if it is you, it's only if the drive gets stolen on it's own that an auto unlock drive would help you, but it's not likely that only that will happen. At that point it might not be worth encrypting as a whole if that was your main concern.
My previous laptop got struck by lightning last month. Because I had a passphrase & not TPM for unlocking, I stripped the NVMe from the board, put it in an enclosure, entered the passphrase, & now I can access all my data for recovering from that situation. Had I tied it to TPM, I wouldn’t be able to recover my data (ZFS & Bcachefs only have one ‘slot’ for passphrases so no secondary, backup key)—while, as you pointed out, a thief can just boot the laptop they stole to get the data. Point being: passphrases offer advantages while being dead simple.
shame it got struck by lightning, in another world you would've won the lottery with those chances