Linux

48062 readers

705 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Encrypted hard drive asking for password every time (lemy.lol)

submitted 8 months ago* (last edited 8 months ago) by flork@lemy.lol to c/linux@lemmy.ml

125 comments fedilink hide all child comments

I recently switched to Linux (Zorin OS) and I selected "use ZFS and encrypt" during installation. Now before I can log in it asks me "please unlock disk keystore-rpool" and I have to type in the encryption password it before I'm able to get to the login screen.

Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.

Also might TPM have anything to do with this?

EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks "aren't secure against battering rams". Normal people don't need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.

you are viewing a single comment's thread
view the rest of the comments

[+] flork@lemy.lol -11 points 8 months ago* (last edited 8 months ago) (3 children)

That's not technically true as enabling bitlocker on windows and filevault on Mac don't require two different passwords.

[–] visc@lemmy.world 11 points 8 months ago (1 children)

Mac will ask you to “log in” very early in the boot process to decrypt the disk, I assume it keeps the drive key encrypted with your password somewhere.

[–] flork@lemy.lol -4 points 8 months ago (2 children)

That's just not true I have two macs with it enabled on both and it requires a single "normal" password

[–] GlitzyArmrest@lemmy.world 4 points 8 months ago (1 children)

That's likely because your Macs are using the TPM. Does your Linux machine have a TPM, and are you using it?

[–] flork@lemy.lol 3 points 8 months ago* (last edited 8 months ago) (1 children)

I don't think so, they are both intel macs over 10 years old and Macs didn't start adding TPM until 2017. On Mac, when you check the box to encrypt the drive during install you're prompted for an encryption password which you never need to use again unless you remove the drive and put it into another mac (or in my case add a second hard drive and use the original as "extra" storage).

[–] Helix@feddit.de 1 points 8 months ago

Macs had TPMs before Windows PCs, IIRC.

[–] visc@lemmy.world 2 points 8 months ago

Yes normal password but it happens super early on mine, and once you log in there is a boot progress bar afterwards. This is an Intel Mac, might be different on apple chips.

[–] Lodra@programming.dev 3 points 8 months ago

I recently dug into this because I accidentally trashed my wife’s OS which was encrypted with bitlocker. PITA btw and I couldn’t beat the encryption

Bitlocker encryption key hash is stored in 2 possible places. First is an unencrypted segment of the encrypted drive. This is bad because it’s pretty easy to read that hash and then decrypt the drive. The second place is on a Trusted Platform Module (TPM) which is a chip on the motherboard. This is better because it’s much more difficult to hack. It can be done but requires soldering on extra hardware to sniff the hash while the machine boots up. Might even be destructive… I’m not sure.

Either way a motivated attacker can decrypt the drive if they have physical access. For my personal machines, I wouldn’t care about this level of scrutiny at all.

Anyways you can see if any open source solutions support TPM.

[–] GolfNovemberUniform@lemmy.ml 3 points 8 months ago (1 children)

Sorry idk much about Windows and Mac. But what you said sounds like their encryption systems aren't full disk encryption, they somehow found a way to store the password for login or they just disable the login password completely when the encryption is enabled

[–] MangoPenguin@lemmy.blahaj.zone 5 points 8 months ago* (last edited 8 months ago) (1 children)

They are full disk encryption, and it's using the hardware TPM.

[–] GolfNovemberUniform@lemmy.ml 0 points 8 months ago (1 children)

Oh then I guess idk what TPM actually is