Why does PureOS forget disk encryption password when updating?


#1

When I do a software update, PureOS asks me for the disk encryption password twice. Why not stop reboot prior to forgetting disk encryption password, so that software updating can complete without my full attention?


#2

MacOS, depending on the update, will actually keep you logged in, even if you do a full update/reboot and you only need to add your fingerprint/password once. This means the harddrive stays de-crypted through the update process.

I believe this is a convenience and makes the user experience more streamlined as well. I assume PureOS does not remember the decryption key after update.


#3

What application do you use for updating? The desktop GUI?

I get notifications in the GUI, then run apt on the command line, then reboot if needed.

The GUI app has left my system in a broken state before so I stopped using it.


#4

I don’t see what this has to do with restarting all the way back to the disk encryption password.


#5

AFAIK, there is no Linux distro that can reboot and keep the disk unencrypted. I’d assume it’s technically possible, but nobody implemented it.
I also have a strong suspicion that it is hard or impossible to do this without security implications of the kind
“To gain full access to the encrypted data of a running system, just insert a Haxxx0rLinux USB stick and force a reboot by pressing Alt+SysRq+B”.