linux – Disk / Volume encryption without password prompt at boot

I am currently looking for a disk / file-system encryption solution on Linux which would not require a password at every reboot.

While this will not prevent data theft if the entire system is snitched, it should at least ensure that data remains confidential if someone attempts to put only the disk in a different system.

The system has a TPM chip.

I looked at several solutions –

  • LUKS-dmCrypt: Whichever guide I have followed requires a password upon boot. Further, the encryption process requires an FS / volume format. Converting an existing non-encrypted volume to an encrypted one seems like a complicated process which may be difficult to carry out in an automated and unsupervised way. There are solutions such as this, which bypass the boot password prompt by storing it in the TPM, but I am not able to verify the validity and risks of using something like this, which hasn’t many reviews or comments.

  • Veracrypt: Veracrypt has TPM support, which I suppose does away with the need to provide a boot password, but the Veracrypt Release Notes only show TPM support for Windows, not Linux.

  • Self Encrypting Disks: SED SSDs are a viable option, but even they require an ATA password set in the BIOS and would prompt for a password. I am not sure if it’s possible to store the SED AK in the TPM and whether it’s likely to solve the problem. I haven’t yet found any documentation from a manufacturer confirming this, and searches on the web have also proved futile.

  • Storing the password / key on an unencrypted, removable disk like a pen drive: Not an option

  • Changing the file system to another which allows something like this: Not an option. Only ext4 or xfs

I know BitLocker on Windows can enable drive-level encryption and use the TPM for a silent boot, but I am not sure what works on Linux. I would like to use SED SSDs, but would a TPM solve the password-at-boot issue?

Haven’t much experience in the area, so any other suggestions / methods I can try out?