this post was submitted on 24 Dec 2025
853 points (98.6% liked)
linuxmemes
28603 readers
533 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
- Don't come looking for advice, this is not the right community.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
- This is primarily an English-speaking community. π¬π§π¦πΊπΊπΈ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. Β
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Is there any OS that allows this config?
At least with Linux, if I encrypt my hard drive, I have to enter my encryption password on every login, for some even during boot.
Not sure about Windows. I wpuldn't be surprised if you can have bitdefender on with auto login.
From memory yes but the contents of your home directory are inaccessible until you enter your password via a popup. For whole drive encryption probably not.
I had configured this manually (incorrectly) in Arch a while back to have my home dir be on a separate encrypted drive.
Turns out the main drive didn't get the memo and still had a home folder which worked fine, I thought it was working so I promptly forgot about it. Meanwhile the encrypted drive (which had only ever been unlocked that day and never again) had maybe 10 files on it that I didn't even know it had until I swapped the drive into a different PC.
The password for the hard drive encryption and the system login are two separate things, so, yes, this combination is easily possible. You'll have to input a password for system bootup, but not for logging in.
How advisable that combination is is another question entirely.
Encrypted home dir, not the entire drive
You can have FDE binded to the TMP and then inside that encrypted volume an encrypted home.
By doing that you only need to input your login password and get better security than the meme setup and other suggestions.
You would need, iirc (I am typing this from memory):
systemd-cryptenrollI know the steps but for NixOS only lmao.
Look up TPM.
Can do full disk encryption of root and auto-unlock with tpm, the auto-login is a separate thing and not necessarily the same password
Mine autodecrypts with a hardcoded password in a text file. I donβt really care about encryption right now, but the minute I do, itβs one file delete away.
You could configure the TPM to effectively store the LUKS key. User login is skippable. So yes, should be possible.
There is a way, but no point in doing so. As such no OSes offer such an option out of the box. For file encryption to be of any use, you need there to be some kind of authentication before being able to access those files (like a password).
The easiest method would be to encrypt the entire drive, as modern Linux and Windows both support using the TPM for automatic unlocking. With that, set up standard user autologin and you've made the drive encryption useless.
What TPM does for automatic unlock when combined with secure boot is to record certain steps of the OS boot and check various file hashes, if they're unchanged then it releases the decryption key. This doesn't authenticate the user but it verifies disk integrity (making sure your OS boots normally without injected malware), so your login prompt security can't easily be bypassed*
* this does not prevent hardware based attacks like malicious RAM sticks or DMA attacks if the firmware isn't patched
Then you could also set up separate home folder encryption and tie unlock to entering your password at login, or for various types of automated logins you could use the TPM again, like through checking for presence of some device you carry (like a smartwatch, etc), or even use a physical security key with one touch login (preventing remote attacks)
In Linux, Unlock the partition with secret key (easy) and skip login (easy). Overall: easy.
Yes, pretty much any Linux distro can be configured to encrypt just the home directory. Whole drive encryption is more common because it's more secure, obviously.
By default, you never have to enter your BitLocker passphrase, since there's usually no passphrase in the first place. The default configuration unlocks the drive automatically as long as it's on the same network it was set up with. Otherwise you need the recovery key. You can also manually enable an unlock method, though on modern PCs there's usually only PIN available.
On Linux, in theory you can have the exact same setup and nothing's stopping you. However, depending on the distro it may or may not be easily configured. You can fairly easily set up automatic drive unlock with TPM, which essentially gives you a similar experience to the default BitLocker.