by akaiser 957 days ago
Then again, an attacker can read the decryption key from RAM (freeze and remove the modules, then dump the memory on another system) and decrypt the disk offline.

So, data on a stolen laptop which has an unprotected TPM (no PIN to boot) can be considered compromised.

2 comments

There are such things as RAM encryption, but yes, overall it's more fragile from a security perspective than a strong plain passphrase.
So you use soldered RAM. And the OS provides hardened memory areas that can't be dumped.