Comment 26 for bug 1980018

>Having encryption on everything is still nice, as you can be less paranoid when it comes to recycling drives.

Its not just convenience. There is a big increase in security because there is a MASSIVE technical skill gap between someone being able to exploit a situation where someone has to manipulate an initramfs to fetch tpm stored keys, and someone simply walking off with unencrypted drives or booting a usb and mounting them, finding you key file for encrypted drives sitting around on other more-removable media. How many people can do the latter and how many people can do the former?

If you think of it on a gradient, its like 0-10 security are allowed, but its not worth properly implementing 8 because its not 10. Even if it's not a 10 right now, make it a proper 8 and then push to 10.

Looking over Mcelderderry's code it seemed trivial to do.