Comment 19 for bug 1980018

Steve Langasek (vorlon) wrote :

tpm2-backed encryption without a signed initramfs is LESS SECURE than passphrase-based encryption, because anyone who can write to the disk can compromise the root filesystem without the admin ever typing the passphrase. Until we do have unified kernel images integrated into Ubuntu that address this, no, we are not going to be doing work to enable tpm2-backed encryption options.