Technically speaking, the login page is an out-of-session page (the user hasn't logged in yet) and therefore a CSRF mitigation isn't really needed. There's not a whole lot a hacker can do if the user hasn't established a session. I guess he could trick a user into logging on-- if he knows the user name and password-- but if could do that he could log in from his own browser instead.
If you insist on the CSRF token on the login page, I suggest you render the token as per usual and refresh the page with a Javascript timer (setTimeout) a few seconds before the token is due to expire.