this post was submitted on 24 Feb 2024
96 points (77.3% liked)


I recently switched to Linux (Zorin OS) and I selected "use ZFS and encrypt" during installation. Now before I can log in it asks me "please unlock disk keystore-rpool" and I have to type in the encryption password before I'm able to get to the login screen.

Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.

Also might TPM have anything to do with this?

EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks "aren't secure against battering rams". Normal people don't need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.

[–] [email protected] 48 points 8 months ago (5 children)

It's disappointing to see so many commenters arguing against you wanting to do this. Windows has it through BitLocker, which is secured via the TPM as you know. Yes it can be bypassed, but it's all about your threat level and effort into mitigating it.

I am currently using a TPM on my openSUSE Tumbleweed machine to auto unencrypt my drive during boot. What you want to do is possible, but not widely supported (yet). Unfortunately, the best I can do is point you to the section in the openSUSE wiki that worked for me.

https://en.opensuse.org/SDB:Encrypted_root_file_system

If you scroll down on that page you'll see the section about TPM support. I don't know how well it will play with your OS. As always, back up all your files before messing with hard drive encryption. Best of luck!

[–] [email protected] 11 points 8 months ago (1 children)

Sums up about every thread asking how to do something on Linux, 30 different responses on how the OP is wrong and shouldn't do it that way.

[–] [email protected] 9 points 8 months ago (1 children)

To be fair there are probably many different ways to solve the problem. I'm somewhat experienced with Linux and I've attempted setting up TPM LUKS decryption on boot. It's certainly not easy or at least wasn't when I tried. For non-experienced people it's easier to just enter the password at boot and enable auto login. Then you get the security, software, ethics, or licensing debates that accompany most Linux discussions.

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

I mean it's somewhat of a meme. But XY-Problems are super common. I also sometimes learned something new and that my approach wasn't the best and I'm kinda experienced with Linux. It's usually more the annoying and stupid people who don't want to explain what they're trying to achieve even if asked and insist on going with the path they've chosen without listening to advice.... On the other hand it's a balance. There are also nerds without social skills who don't explain things well. But in my experience it's frequently XY-Problems and the people asking for advice not listening.

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago) (1 children)

Thanks, Zorin is based on Ubuntu so I have to assume it will be up to date with stuff like TPM which is 15 years old. The data on the page you linked is pretty advanced for me but I'll give it a shot. Appreciate you addressing my question.

[–] [email protected] 12 points 8 months ago

Ubuntu isn't really on the cutting edge, so I'm not sure how well it's going to work. openSUSE Tumbleweed is running pretty much the latest everything, so it's possible you'll need to wait until the next Ubuntu LTS.

[–] [email protected] 4 points 8 months ago

Windows is no baseline for security lol

[–] [email protected] 3 points 8 months ago

Yeah, holy shit is this comment section toxic. Why are people downvoting for someone asking for help and not being a dick?

Is this whole community like this? Are the mods okay with this behavior?

[–] [email protected] 2 points 8 months ago

This is also what I would recommend and is most similar to the Windows experience.