Comment 18 for bug 1980018

Christopher Hall (christopher88hall) wrote :

Even if it is 'security theater', to store/fetch/use decryption keys in a TPM2 chip would allow users to meet full disk encryption requirements and reboot remote machines without having someone go physically type in boot passwords, or relying on other tools.

As of now, the only way to make this happen on Ubuntu is clevis. Clevis is OK, but I'd much rather use core programs like systemd-cryptenroll and cryptsetup-initramfs.