by escalt 1789 days ago
The way I understand full disk encryption (with LUKS at least) is that the device generates a random key which does the data encryption/decryption and the user-entered password is used exclusively to encrypt that key. This allows encrypting the key with thousands of iterations (the number is picked in a way that it takes a few seconds on the currently used CPU). That way you can use a very slow encryption algorithm (meaning it's very slow to brute force) to get the actual key, which can then be used for fast encryption of the actual data. This approach also allows changing passwords or using multiple passwords without rewriting the entire drive, since just the key has to be re-encrypted.

Ah yeah, that makes more sense. I suppose managing the FDE key via TPM is theoretically / ideally more secure, but has a lot more attack surface. Probably not many TPM implementations have been attacked enough publicly for anyone to be confident they're actually more secure than a regular password with a good modern KDF.
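The two-layer design escalt describes (random master key for the data, slow KDF only for unlocking that key, several independent key slots) is easy to see in code. The following is an added illustration written for this thread, not LUKS's own code: it uses PBKDF2 from the Python standard library as the slow KDF, wraps the master key by XOR with KDF output plus an HMAC tag (a simplification of the real LUKS slot format, which also runs the key through an anti-forensic splitter), and uses an HMAC-SHA256 counter-mode keystream as a stand-in for the fast per-sector cipher (AES-XTS in practice). The `Volume` class, the slot dictionary layout and the 200_000 iteration count are assumptions for the demo.

```python
import hashlib
import hmac
import os

# Assumed constant for the demo. LUKS benchmarks the count at format time so
# that one unlock costs roughly a second on the machine formatting the disk.
ITERATIONS = 200_000


def derive_kek(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Slow, salted KDF: 64 bytes out, 32 for wrapping and 32 for the MAC key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=64)


def wrap_master_key(master_key: bytes, passphrase: bytes, iterations: int) -> dict:
    """Build one key slot: master key XORed with KDF output, authenticated by HMAC."""
    salt = os.urandom(16)                      # fresh salt per slot
    kek = derive_kek(passphrase, salt, iterations)
    pad, mac_key = kek[:32], kek[32:]
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, wrapped, "sha256").digest()
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped, "tag": tag}


def unwrap_master_key(slot: dict, passphrase: bytes):
    """Return the master key, or None when the passphrase does not open this slot."""
    kek = derive_kek(passphrase, slot["salt"], slot["iterations"])
    pad, mac_key = kek[:32], kek[32:]
    expected = hmac.new(mac_key, slot["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))


def sector_keystream(master_key: bytes, sector: int, length: int) -> bytes:
    """Fast per-sector keystream (HMAC in counter mode; stand-in for AES-XTS)."""
    out, block = b"", 0
    while len(out) < length:
        counter = sector.to_bytes(8, "big") + block.to_bytes(8, "big")
        out += hmac.new(master_key, counter, "sha256").digest()
        block += 1
    return out[:length]


def xor_sector(master_key: bytes, sector: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sector; XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, sector_keystream(master_key, sector, len(data))))


class Volume:
    """Header (key slots) plus encrypted sectors. The master key is never stored."""

    def __init__(self, passphrase: bytes, iterations: int = ITERATIONS):
        master_key = os.urandom(32)            # random data key, unrelated to the passphrase
        self.slots = [wrap_master_key(master_key, passphrase, iterations)]
        self.sectors = {}

    def open(self, passphrase: bytes):
        """Try each slot; any slot that accepts the passphrase yields the same master key."""
        for slot in self.slots:
            mk = unwrap_master_key(slot, passphrase)
            if mk is not None:
                return mk
        return None

    def add_passphrase(self, existing: bytes, new: bytes) -> bool:
        mk = self.open(existing)
        if mk is None:
            return False
        self.slots.append(wrap_master_key(mk, new, self.slots[0]["iterations"]))
        return True

    def remove_passphrase(self, passphrase: bytes) -> bool:
        for i, slot in enumerate(self.slots):
            if unwrap_master_key(slot, passphrase) is not None:
                del self.slots[i]              # only the header changes; data is untouched
                return True
        return False

    def write(self, master_key: bytes, sector: int, data: bytes) -> None:
        self.sectors[sector] = xor_sector(master_key, sector, data)

    def read(self, master_key: bytes, sector: int) -> bytes:
        return xor_sector(master_key, sector, self.sectors[sector])


def demo() -> dict:
    """Rotate the passphrase and show the data on disk never has to be rewritten."""
    vol = Volume(b"first passphrase", iterations=20_000)   # low count to keep the demo quick
    mk = vol.open(b"first passphrase")
    vol.write(mk, 0, b"secret sector contents")
    ciphertext_before = vol.sectors[0]
    vol.add_passphrase(b"first passphrase", b"second passphrase")
    vol.remove_passphrase(b"first passphrase")
    mk2 = vol.open(b"second passphrase")
    return {
        "old_passphrase_opens": vol.open(b"first passphrase") is not None,
        "same_master_key": mk == mk2,
        "data_rewritten": vol.sectors[0] != ciphertext_before,
        "plaintext": vol.read(mk2, 0),
    }
```

Two things worth noticing when running `demo()`: the slow PBKDF2 call happens only when a slot is opened, never per sector, so the iteration count can be tuned for brute-force cost without touching read/write throughput; and after the passphrase change the ciphertext of sector 0 is byte-for-byte identical, because only the header slot was rewritten. A wrong passphrase is rejected by the HMAC check rather than by producing garbage, which is also how a real header distinguishes "bad passphrase" from "corrupt disk".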