Hello everyone!

I daily drive a Nobara install with my main drive being an LUKS encrypted M.2 drive. Every time I boot my computer I get presented with the password prompt to unlock the drive and afterwards get prompted with my login manager to login.

Is there any way to combine these steps into a single prompt? It is starting to get a bit annoying having two steps every time I boot.

  • The Hobbyist@lemmy.zip
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    7 months ago

    There is a way to place the secret file (corresponding to the password) on a dedicated USB stick and have a script attempt to Mount it at boot to unlock the partition. If the USB stick is not found, it will revert to the password prompt. Perhaps this is the best of both?

    Make sure not to leave the USB stick plugged in, but rather only take it and and plug it in to boot then safely store it once booted, otherwise you are probably defeating the purpose of having an encrypted partition to begin with.

    I’ll add a link to read more about it shortly.

    Edit: here is one example to set it up (including to auto-decrypt ZFS) https://www.youtube.com/watch?v=7xOLxCwdi-I

    • MalReynolds@slrpnk.net
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      I do this, along with pamusb, so I don’t need a password for sudo etc. (which allows a longer more secure password than I might otherwise use). Depending on the threat model, I think it’s fine to just leave it in. One day I’ll get it to shutdown --now on ripping out the key drive without dismounting first, sort of a break glass in emergency thing. Same thing can be achieved with pulling the key and holding the power button though (even if it’s a bit rude to the filesystem)