this post was submitted on 24 Feb 2024
96 points (77.3% liked)

Linux

48149 readers
732 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I recently switched to Linux (Zorin OS) and I selected "use ZFS and encrypt" during installation. Now before I can log in it asks me "please unlock disk keystore-rpool" and I have to type in the encryption password it before I'm able to get to the login screen.

Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.

Also might TPM have anything to do with this?

EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks "aren't secure against battering rams". Normal people don't need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 8 months ago (3 children)

The idea is to use TPM to store the keys - if you boot into a modified OS, TPM won't give you the same key so automatic unlock will fail. And protection against somebody just booting the original system and copying data off it is provided by the system login screen.

Voilà, automatic drive decryption with fingerprint unlock to log into the OS. That's what Windows does anyway.

[–] [email protected] 3 points 8 months ago

I see. I don’t know that the usual drive encryption you set up during Linux install works with that, but there are BitLocker-like programs for Linux that might.

[–] [email protected] 3 points 8 months ago (1 children)

I don't suppose you know of a tutorial to get this set up? Google turned up nothing.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago)

Might be pretty complicated. https://www.reddit.com/r/zfs/comments/dimtjv// Your best bet is probably to enable autologin and use the same password for the encryption

[–] [email protected] 2 points 8 months ago (1 children)

Although OPs scenario is if someone steals the tower, in which case it’s not a different TPM. Would only help if the drives were yanked, which honestly I’d probably do rather than try to take the whole tower.

[–] [email protected] 8 points 8 months ago (1 children)

If you boot the computer into the currently installed OS, you will be presented with a login screen and will have to enter the correct password to log in (kernel parameters are part of the checksums, so booting into single-user mode won't help you, that counts as a modified OS). If you boot a different OS, you won't get the key off the TPM.