Comment 6 for bug 1980018

Unlocking of TPM tokens is implemented in systemd LUKS2 token handlers, not in cryptsetup itself.
It can be compiled as plugins (then check cryptsetup --help "LUKS2 external token plugin path" and check that in this directory in initramfs are systemd plugins installed).

But systemd can also implement it directly in systemd-cryptsetup/cryptenroll - then you need only the systemd binaries. I am really not sure what Ubuntu uses now, the first option should be preferred for future.