I recently switched to Linux (Zorin OS) and I selected “use ZFS and encrypt” during installation. Now before I can log in it asks me “please unlock disk keystore-rpool” and I have to type in the encryption password it before I’m able to get to the login screen.
Is there a way to do this automatically like with Windows or MacOS? Zorin has biometric login which is nice but this defeats the purpose especially because the encryption password is long and tedious to type in.
Also might TPM have anything to do with this?
EDIT: Based on the responses I have to assume some of you guys live in windowless underground bunkers sealed off with concrete because door locks “aren’t secure against battering rams”. Normal people don’t need perfect encryption they just want to add an extra hurdle or two for the crackhead who steals the PC. I assumed Linux had a system similar to what Windows or MacOS has been doing for a decade but I am apparently wrong.
OP, just change your encryption key to whatever you have your password as and set your login to auto login. This will give you the experience you desire as it’ll decrypt the disk with your password and log you in automatically once it’s decrypted, but if you lock the system (close the lid. Screen lock. Etc) you’ll still get a login screen as normal. (Just keep in mind they’re technically two separate passwords and will unfortunately need to be changed separately if you do change your password).
You ended up with full disk encryption. For most people, it’s the simple option, everything is encrypted. That means the OS can’t start without the key, because you’re the only holder of the key. It’s both dead simple, and pretty bulletproof since there’s no way to access the system without the password. But as you said, not everyone wants that.
What you’re asking for is an encrypted home directory. It’s not that Linux can’t do it, it’s just not what you got. Depending on the use case you can either use TPM to unlock the root partition to boot, or not encrypt the system itself. Then when you log in, it decrypts a separate partition (or use ZFS native encryption, or use fscrypt if your filesystem supports it, or use an overlay filesystem like go-cryptfs).
So it’s not that Linux doesn’t support your use case but rather your distro doesn’t offer it as an installation option. From there you either configure it yourself (ArchWiki is great regardless of distro), or seek out a distro that does.
Linux is not an operating system, it’s just the kernel. What makes it an OS is what distros build on top of it. Linux alone is not that useful, hence the basis of the GNU+Linux memes: it’s Linux, plus a lot of GNU tools to make it do useful things, plus a desktop environment and a whole bunch of other libraries and applications, plus the distro’s touch tying it all together in a mostly cohesive experience.
This reply isn’t going to be helpful to OP, but thought I might add context for others passing by.
I’m using Arch Linux with LUKS encryption and gdm. As long as my user’s password is the same as the LUKS password, I only ever type my password in once.
Just saying that a MacOS-like convenience is definitely possible on Linux.
Fascinating, you don’t have automatic login enabled? And I assume this is at the pre-login prompt?
Oof - forgot to mention that I do have autologin configured on gdm 😀
user’s password can be totally different from luks password if you’re using autologin. You can keep it same but that’s totally optional. You can login without entering any password at all if not using luks (or using autodecrypt), you can see that in live isos.
