Does Fedora have a tool to “automate” TPM drive encryption? If not, should I use clevis to try and load my drive encryption password into the TPM, or would it be better to use systemd-cryptenroll? Or should I be using something else?
And is there a method of doing this that is “distro agnostic”, i.e. could be used with Fedora, Linux Mint, Arch Linux, whatever?
By default /tmp is a RAM disk so encryption is not required.
If you are already using full-disk-encryption (FDE) then /var/tmp is also encrypted.
If you are not using FDE then only encrypting /tmp is not useful.
I am sorry - I meant TPM (Trusted Platform Module), NOT TMP - sorry about that! Thanks, COVID brain fog!
There is systemd-cryptenroll, which is quite distro agnostic as long as the distro uses a modern version of systemd: https://fedoramagazine.org/use-systemd-cryptenroll-with-fido-u2f-or-tpm2-to-decrypt-your-disk/