I recently switched to Linux (Zorin OS) and I selected “use ZFS and encrypt” during installation. Now before I can log in it asks me “please unlock disk keystore-rpool” and I have to type in the encryption password before I’m able to get to the login screen.

Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login, which is nice, but this defeats the purpose, especially because the encryption password is long and tedious to type in.

Also might TPM have anything to do with this?

EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks “aren’t secure against battering rams”. Normal people don’t need perfect encryption; they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.

  • Saff@lemmy.ml
    10 months ago

    Instead of encrypting the entire drive, encrypt the home folder. That way it’s unlocked when you sign in.

  • Max-P@lemmy.max-p.me
    10 months ago

    You ended up with full disk encryption. For most people, it’s the simple option, everything is encrypted. That means the OS can’t start without the key, because you’re the only holder of the key. It’s both dead simple, and pretty bulletproof since there’s no way to access the system without the password. But as you said, not everyone wants that.

    What you’re asking for is an encrypted home directory. It’s not that Linux can’t do it, it’s just not what you got. Depending on the use case you can either use TPM to unlock the root partition to boot, or not encrypt the system itself. Then when you log in, it decrypts a separate partition (or use ZFS native encryption, or use fscrypt if your filesystem supports it, or use an overlay filesystem like gocryptfs).

    So it’s not that Linux doesn’t support your use case but rather your distro doesn’t offer it as an installation option. From there you either configure it yourself (ArchWiki is great regardless of distro), or seek out a distro that does.

    Linux is not an operating system, it’s just the kernel. What makes it an OS is what distros build on top of it. Linux alone is not that useful, hence the basis of the GNU+Linux memes: it’s Linux, plus a lot of GNU tools to make it do useful things, plus a desktop environment and a whole bunch of other libraries and applications, plus the distro’s touch tying it all together in a mostly cohesive experience.
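To see what the TPM option Max-P mentions leaves on a volume, the script below (an added example, not part of the thread) parses `cryptsetup luksDump` text and lists how each keyslot unlocks. It assumes the `keystore-rpool` prompt comes from a LUKS2 volume and that TPM enrollment, if any, used systemd's `systemd-tpm2` token; the dump and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise what can unlock a LUKS2 volume from `cryptsetup luksDump` text.

# Constructed, abbreviated dump (not from a real system): slot 0 is the
# install-time passphrase, slot 1 is bound to a systemd-tpm2 token.
sample_dump() {
cat <<'EOF'
LUKS header information
Version:        2

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
  1: luks2
        Key:        512 bits
        Priority:   normal
Tokens:
  0: systemd-tpm2
        tpm2-hash-pcrs:   7
        tpm2-pin:         false
        Keyslot:    1
Digests:
  0: pbkdf2
EOF
}

# stdin: luksDump text. stdout: one line per keyslot with its unlock method.
unlock_methods() {
  awk '
    /^[A-Za-z][A-Za-z ]*:[ \t]*$/ { section = $0; sub(/:[ \t]*$/, "", section); next }
    section == "Keyslots" && /^[ \t]+[0-9]+: / {
      id = $1; sub(/:$/, "", id); order[n++] = id; how[id] = "passphrase or keyfile"; next
    }
    section == "Tokens" && /^[ \t]+[0-9]+: / { tok = $2; pcrs = "?"; pin = "?"; next }
    section == "Tokens" && $1 == "tpm2-hash-pcrs:" { pcrs = $2 }
    section == "Tokens" && $1 == "tpm2-pin:"       { pin = $2 }
    section == "Tokens" && $1 == "Keyslot:"        { how[$2] = tok " pcrs=" pcrs " pin=" pin }
    END { for (i = 0; i < n; i++) print "slot " order[i] ": " how[order[i]] }
  '
}

# Count keyslots that open with no user input: a TPM2 token without a PIN.
unattended_slots() {
  unlock_methods | grep -c 'systemd-tpm2 .*pin=false' || true
}

sample_dump | unlock_methods
```

On a real system the input would come from `cryptsetup luksDump <device>` run as root; a non-zero `unattended_slots` count means the volume opens on that machine without anyone typing anything, so the login screen is the remaining barrier.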

  • Ptsf@lemmy.world
    10 months ago

    OP, just change your encryption key to whatever you have your password as and set your login to auto login. This will give you the experience you desire as it’ll decrypt the disk with your password and log you in automatically once it’s decrypted, but if you lock the system (close the lid, screen lock, etc.) you’ll still get a login screen as normal. (Just keep in mind they’re technically two separate passwords and will unfortunately need to be changed separately if you do change your password.)

    • Jediwan@lemy.lol (OP)
      10 months ago

      Encryption makes it more difficult to copy data from the drive. Windows and MacOS can manage to encrypt drives without requiring two different passwords; I mistakenly assumed Linux could too.

      • GlitzyArmrest@lemmy.world
        10 months ago

        If you’re having it automatically unlock the drive at boot, it kind of defeats the purpose. If someone steals your tower, they can boot it and copy the unencrypted contents since it automatically unlocks.

  • wispydust@sh.itjust.works
    10 months ago

    This reply isn’t going to be helpful to OP, but thought I might add context for others passing by.

    I’m using Arch Linux with LUKS encryption and gdm. As long as my user’s password is the same as the LUKS password, I only ever type my password in once.

    Just saying that a MacOS-like convenience is definitely possible on Linux.

    • Jediwan@lemy.lol (OP)
      10 months ago

      Fascinating, you don’t have automatic login enabled? And I assume this is at the pre-login prompt?

        • unhinge@programming.dev
          10 months ago

          User’s password can be totally different from LUKS password if you’re using autologin. You can keep it the same but that’s totally optional. You can log in without entering any password at all if not using LUKS (or using autodecrypt); you can see that in live ISOs.

  • GolfNovemberUniform@lemmy.ml
    10 months ago

    AFAIK you can’t. Disk encryption requires entering the password every time, and it asks for it BEFORE the OS is started, so you can’t use biometric login either.