I'm on a desktop PC that's in my home office. I have personal documents and clients' intellectual property on it (source code, databases, documents, etc.). Hence, I like to use full disk encryption on all disks. Nobody else uses this PC besides me and it's safe at home. The only threat vector is if somebody gained access to my room and stole the computer. It's very remote, but still technically possible (if you think I'm exaggerating, I'd like to learn your opinion). Maaaaybe if I was sending the nvme for RMA, that's also a threat, but I have never had an SSD break on me. Never. I know it's anecdotal and sometimes they break, but I had multiple and I think it's such a small chance...

LUKS is a bit of a pain with having to type the passphrase on each boot. So I had it on auto-unlock via TPM, which works great when it works, but a) is also a pain when it breaks (usually due to a system upgrade that changes something and I forgot to re-enroll the keys or re-generate the PCRs), b) according to the Arch Wiki it's unsafe if anybody has physical access to my PC -- so essentially the only threat vector I was trying to protect myself against is not protected against.

But I was thinking -- I am OK with typing one password on boot. I just don't want to type two different passwords one after the other. What if I set autologin in my Desktop Environment (GNOME or KDE), but left LUKS locked down with a passphrase? Wouldn't that be safe? It's a single-user system, nobody will use it. If it gets stolen, it's been shut down and then they can't gain access because of LUKS.

Am I thinking correctly?
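A check for the setup described in the post above, as an added example that is not part of the original post: it reads `cryptsetup luksDump` text and reports whether a `systemd-tpm2` token is still enrolled, since a leftover token would keep unlocking the disk without the passphrase. The function names and the two abbreviated sample headers are constructed for illustration.

```shell
#!/bin/sh
# Count systemd-tpm2 tokens in `cryptsetup luksDump` text read from stdin.
tpm2_token_count() {
    awk '
        /^Tokens:/  { in_tokens = 1; next }
        /^[A-Za-z]/ { in_tokens = 0 }   # any other top-level section ends Tokens
        in_tokens && /^[ \t]+[0-9]+: systemd-tpm2[ \t]*$/ { n++ }
        END { print n + 0 }
    '
}

# Classify a header: does a TPM2 token still allow unlocking without the passphrase?
unlock_posture() {
    if [ "$(tpm2_token_count)" -gt 0 ]; then
        echo "tpm2-enrolled"
    else
        echo "no-tpm2-token"
    fi
}

# Constructed, abbreviated luksDump output: passphrase in slot 0, TPM2 in slot 1.
sample_enrolled() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
  1: luks2
        Key:        512 bits
Tokens:
  0: systemd-tpm2
        Keyslot:    1
Digests:
  0: pbkdf2
EOF
}

# Constructed: the same header after the TPM2 slot and token were removed.
sample_wiped() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
Tokens:
Digests:
  0: pbkdf2
EOF
}

sample_enrolled | unlock_posture
sample_wiped | unlock_posture
```

On a real system the input would come from `cryptsetup luksDump` run as root against the encrypted partition. If a TPM2 token is reported, `systemd-cryptenroll --wipe-slot=tpm2` on that device removes it so that only the passphrase slot remains.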

[-] Dumhuvud@programming.dev 10 points 1 week ago

Yeah, it is safe.

But last I checked, enabling autologin means your GNOME Keyring / KDE Wallet won't unlock automatically. Something to keep in mind.

[-] lost_faith@lemmy.ca 5 points 1 week ago

Is that why my gf keeps getting that wallet thing on every reboot and I don't? She only wanted to put a password for updates (well, not really, but she has no choice). There is nothing on her PC but games, no personal info.

[-] Dumhuvud@programming.dev 3 points 1 week ago

Yeah, that's most likely the reason.

[-] steel_for_humans@piefed.social 4 points 1 week ago

That's a bummer. I still don't know what it's useful for, except for not having to type SSH passphrases. I think it doubles as a password manager? I don't need that, I use Bitwarden.

[-] Dumhuvud@programming.dev 4 points 1 week ago

I think KDE stores Wi-Fi passwords in the wallet. Plus various third-party software may store its secrets in there.

[-] steel_for_humans@piefed.social 2 points 6 days ago

Ok. That seems important then. Having to type the WiFi password would be even more annoying. :) The other part seems important, too.

Now it makes me wonder how non-technical people who have auto login enabled deal with it. I mean, I'd expect it to work like on Windows.

[-] onlinepersona@programming.dev 1 points 1 day ago

Windows is hella insecure

this post was submitted on 13 May 2026
14 points (93.8% liked)

linux4noobs
