[pxeger1]

I don't agree with this. Yes, any TPM is necessarily possible to bypass, but it's not easy. I know I could bypass normal password-based FDE with physical access to a machine without any special hardware or software, but not TPM-based. I assume, by the Pareto principle, that there are lots of people with my ability but exponentially fewer who could bypass a TPM. So it's definitely more secure than password-based FDE, and it's good enough for me.

[missingrib]

>I know I could bypass normal password-based FDE with physical access to a machine without any special hardware or software

How?

[pxeger1]

Change the bootloader and /bin/init so that it captures the disk encryption password as you enter it. It could then send it to me, or add a second password that I know so that I can decrypt it with later physical access.

Actually, on second thought, it's secure boot that protects against this attack, which doesn't require or use a TPM? So maybe I'm wrong