> I can’t understand this design. You should derive the disk’s encryption key from the user’s login password.
That's essentially what macOS does. The key is not derived from the password, but it is stored wrapped with the user's password (I assume the TPM is involved in the decryption of the key, but I haven't dug into the details). In the UI you can elect which users are capable of unlocking at boot, and wrapped keys are stored for them and hopefully updated when they change their passwords (or log in for the first time with the new password). On my work machine, with weird AD integration, I've had cases where this was missed, and I've had to boot with the old password once to get things straightened out.
TBH, I don't reboot often, so I don't remember if it passes the password to the OS or if it makes you log in again after boot.
It passes the login to the OS. The user experience is basically the same as logging in normally, except there’s a pause for the OS to actually start up after you enter your password.
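A minimal model of the design discussed above (one random volume key, a wrapped copy per authorized user, re-wrapped on password change), added here as an illustration; it is not Apple's code or a description of its actual format. The wrap primitive below is a constructed HMAC-based stand-in so the example runs on the Python standard library; a real implementation would use an authenticated cipher such as AES-GCM or AES key wrap.

```python
import os
import hmac
import hashlib

# Constructed demo of the "wrapped volume key" pattern: the volume key never
# changes; each enabled user holds a copy encrypted under a key derived from
# their password. Changing the password only re-wraps that user's copy.

def derive_kek(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key from a password with scrypt."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def wrap(kek: bytes, volume_key: bytes) -> dict:
    """Stand-in authenticated wrap: HMAC keystream XOR plus a separate HMAC tag."""
    nonce = os.urandom(16)
    stream = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, stream))
    tag = hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def unwrap(kek: bytes, blob: dict):
    """Return the volume key, or None if the password (hence KEK) is wrong."""
    expected = hmac.new(kek, b"tag" + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    stream = hmac.new(kek, b"wrap" + blob["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))

class Volume:
    def __init__(self):
        self.volume_key = os.urandom(32)  # fixed for the volume's lifetime
        self.slots = {}                    # user -> (salt, wrapped key)

    def enable_user(self, user: str, password: str) -> None:
        """Store a copy of the volume key wrapped under this user's password."""
        salt = os.urandom(16)
        self.slots[user] = (salt, wrap(derive_kek(password, salt), self.volume_key))

    def unlock(self, user: str, password: str):
        """Boot-time unlock: any enabled user's current password recovers the key."""
        if user not in self.slots:
            return None
        salt, blob = self.slots[user]
        return unwrap(derive_kek(password, salt), blob)

    def change_password(self, user: str, old: str, new: str) -> bool:
        """Re-wrap on password change. If this step is skipped (the failure mode
        described in the thread), only the old password still unlocks the volume."""
        if self.unlock(user, old) is None:
            return False
        self.enable_user(user, new)
        return True
```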