I tried adding a key file and even a password txt but both led to it still asking for me to type in the password.

Is it because the drive is encrypted? I tried placing the files at /, /boot, /root, /etc

Edit1: I’ve tried to install dropbear and give it ssh keys. I will try to reboot in the morning and see what happens

Edit2: signing in via ssh just says port 22 rejected not working :(

Edit3: neither dropbear for ssh nor keyfile worked. I give up.

  • Björn Tantau
    223 hours ago

    At least TPM is supposed to be tamper proof. So as long as you don’t log in automatically your data should be secure.

    It’s also useful to autodecrypt it temporarily to set up more secure decryption later. OEM installs often do this. I did it on my Steam Deck while looking for a way to enter a passphrase without a keyboard.

    • @[email protected]
      114 hours ago

      Depending on the attacker of course. If they can read your RAM after auto-decrypt they can just take the encryption key.

      • Björn Tantau
        113 hours ago

        Though they should be able to do that with manually decrypted drives as well, if they can access the RAM, right?

        • @[email protected]
          413 hours ago

          Only if they gain possession when the device is running with the drive decrypted and they keep it running the whole time. That is a lot higher bar than being able to turn the machine on at any time and then recover the key. For example, if this is a laptop that you are flying with. Without auto-decryption you can simply turn it off and be very secure. With auto-decryption they can turn it on then extract the key from memory (not easy, but definitely possible and with auto-decryption they have as long as they need, including sending the device to whatever forensics lab is best equipped to extract the key).