[proto_lambda]

If you rely only on TPM for key storage, yes, the disk is unlocked automatically and any sufficiently broken userspace application you can get your hands on will let you access it. You can still combine TPM+passphrase/PIN though, at the cost of having to enter it at boot.

[worksonmine]

> at the cost of having to enter it at boot

Isn't this the entire point of full disk encryption? You mention cost, but what is even the benefit of encryption that's unlocked by just booting?

[proto_lambda]

With properly functioning secure boot and no bugs in the entire software stack, it doesn't matter if the disk is decrypted automatically, since you can't access the system without OS-level authentication. If you tried to replace system files to let you get in anyway, the secure boot measurements would no longer match up and the decryption fails entirely.

[akaiser]

Then again, an attacker can read the decryption key from RAM (freeze and remove the modules, then dump the memory on another system) and decrypt the disk offline.

So, data on a stolen laptop which has an unprotected TPM (no PIN to boot) can be considered compromised.

[proto_lambda]

There are such things are RAM encryption, but yes, overall it's more fragile from a security perspective than a strong plain passphrase.

[mratsim]

So you use soldered RAM. And the OS provides hardened memory areas that can't be dumped.

[worksonmine]

I use a very long and inconvenient password for LUKS, and a simpler one for login and root. My lock screen is more a convenience in a trusted environment and not security. The TPM only solution sounds like it would require my very long password every time I leave my desk to get coffee.

[Talinx]

Relying on no bugs in the entire software stack makes the attack surface quite large.

If a laptop is stolen the thief can wait sufficiently long for some vulnerability to be discovered somewhere in the stack. With LUKS only the LUKS encryption has to be good and full disk encryption protects the data.

[yowai]

> You mention cost, but what is even the benefit of encryption that's unlocked by just booting?

Ideally, your login screen is secure and allows no bypasses into a shell or similar, so you cannot really access any files on the hard drive.

And if you modify some system files or boot another operating system to get around this, you are required to know the disk encryption password to get to them.