Description
LUKS keyfiles sealed to a TPM can unlock encrypted storage during early boot. Administrators use this hook when disk access should depend on platform state instead of only manual passphrase entry.
It is a TPM-based disk unlock hook, not a complete encryption policy tool. Recovery keys are essential because TPM changes or hardware replacement can prevent unlock.