Hi, this method is not new, it’s just not adding much.
LUKS full disk encryption can be enabled in the installer already.
Now why is it not adding much?
- If your device got stolen, it simply boots.
- If something in the boot process has changed, it will ask for the password, like BitLocker asks for it after a GRUB update.
- The security of TPM in general is questionable.
It does make brute force attacks against the LUKS password harder, especially for bad/short ones, but nobody will try that anyway.
It’s just adding too much unnecessary complexity, especially for data recovery, etc.
If you still want it: https://fedoramagazine.org/automatically-decrypt-your-disk-using-tpm2/