Using TPM for Automatic Disk Decryption in Debian 12

Please consider supporting my work in Debian and elsewhere through Liberapay. These days it’s straightforward to have reasonably secure, automatic decryption of your root filesystem at boot time on Debian 12. Here’s how I did it on an existing system which already had a stock kernel, secure boot enabled, grub2 and an encrypted root filesystem with…