I recently switched to Linux (Zorin OS) and I selected “use ZFS and encrypt” during installation. Now before I can log in it asks me “please unlock disk keystore-rpool” and I have to type in the encryption password it before I’m able to get to the login screen.

Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.

Also might TPM have anything to do with this?

EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks “aren’t secure against battering rams”. Normal people don’t need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.

  • Ptsf@lemmy.world
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    10 months ago

    Perfect security doesn’t exist. If they’ve got the engineering capital required to design and manufacture key retrieval hardware, you lost the moment they gained physical access to your equipment.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      10 months ago

      If they have the capability to extract the key, they probably also have the computational resources to brute-force the passphrase. It’s not a meaningful difference.

      • Ptsf@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        Most brute-force attacks can be hardened against. Again there’s no perfect security, just better security.

    • TDCN@feddit.dk
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      10 months ago

      I agree. Physical access to the device and its often game over.

      Sadly reading off the key is already trivial in some cases as showcased in this recent video by stacksmashing

      Since the key has to be sent to the cpu in plain text it can easily be sniffed. If however the TPM is integrated in the cpu its not so easy, but then the os can be manipulated or hacked after boot with known exploits.

      If you have a long and secure password for you encryption the absolute only way in is to brute force the key which is significantly harder if not impossible regardless of capital

    • umami_wasabi@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      10 months ago

      If he uses TPM. I’m not aginst OP using it but he needs to understand the drawbacks. At least I hope he will.