The same progress is with disk encryption using #TrustedPlatformModule.
Now it's just systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+7 /dev/nvme0n1p2

6 years ago I needed to deploy disk keyfile, then manually seal it to TPM, and setp up initramfs to work with the sealed key.