Description
LUKS keyfiles sealed to TPM2 hardware can unlock encrypted storage during early boot. Administrators use this hook when TPM2 policy should help protect disk access before the main system starts.
It is a TPM2 unlock hook, not a backup or recovery solution. Firmware updates, PCR changes, or hardware replacement can break unlock unless recovery keys are available.