I recently switched to Linux (Zorin OS) and I selected “use ZFS and encrypt” during installation. Now before I can log in it asks me “please unlock disk keystore-rpool” and I have to type in the encryption password it before I’m able to get to the login screen.

Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.

Also might TPM have anything to do with this?

EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks “aren’t secure against battering rams”. Normal people don’t need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.

  • GolfNovemberUniform@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    9 months ago

    Afaik you can’t. Disk encryption requires entering the password every time and it asks for it BEFORE the OS is started so you can’t use biometric login either

    • Jediwan@lemy.lolOP
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      9 months ago

      That’s not technically true as enabling bitlocker on windows and filevault on Mac don’t require two different passwords.

      • visc@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        Mac will ask you to “log in” very early in the boot process to decrypt the disk, I assume it keeps the drive key encrypted with your password somewhere.

        • Jediwan@lemy.lolOP
          link
          fedilink
          arrow-up
          0
          ·
          9 months ago

          That’s just not true I have two macs with it enabled on both and it requires a single “normal” password

          • GlitzyArmrest@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            9 months ago

            That’s likely because your Macs are using the TPM. Does your Linux machine have a TPM, and are you using it?

            • Jediwan@lemy.lolOP
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              9 months ago

              I don’t think so, they are both intel macs over 10 years old and Macs didn’t start adding TPM until 2017. On Mac, when you check the box to encrypt the drive during install you’re prompted for an encryption password which you never need to use again unless you remove the drive and put it into another mac (or in my case add a second hard drive and use the original as “extra” storage).

    • Jediwan@lemy.lolOP
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      9 months ago

      Encryption makes it more difficult to copy data from the drive. Windows and MacOS can manage to encrypt drives without requiring two different passwords, I mistakenly assumed Linux could too.

      • GlitzyArmrest@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        If you’re having it automatically unlock the drive at boot, it kind of defeats the purpose. If someone steals your tower, they can boot it and copy the unencrypted contents since it automatically unlocks.

        • fuckwit_mcbumcrumble@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          9 months ago

          OP isn’t asking for it to decrypt automatically. OP is asking for the entering the decryption password to also log you in. That way you only have to type the password once, instead of twice.

        • Pantherina@feddit.de
          link
          fedilink
          arrow-up
          0
          ·
          9 months ago

          I dont think you can. Can you read SSD storage while that is running? The drive needs to be decrypted using the TPM, and that should only work when its plugged in.

      • kebabslob@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        0
        ·
        9 months ago

        How… How would they get the drive? Would n that need access to your computer? I imagine at that point they could turn it on first and copy your data that way, no?

  • deafboy@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    9 months ago

    There used to be exactly what you are looking for. Encfs, and later ecryptfs could encrypt just the data in your home folder.

    It was a checkbox in ubuntu installer, just like the full disk encryption today. The key was protected by the standard user password.

    Unfortunately, it was deprecated due to discovered security weaknesses, and I’m not aware of any viable replacement.

  • Pantherina@feddit.de
    link
    fedilink
    arrow-up
    0
    ·
    9 months ago

    Thats how encryption works. Encryption with TPM protects against removing the drive and reading somewhere else, so I suppose it makes sense for most people.

    Linux Distros have this option, Ubuntu has it now I think, but on the others its often manual setup.

    Just search for “cryptsetup change to tpm”