Possibility to use TPM Chip for Encryption


Is there any solution to use a laptop with a TPM Chip for an encrypted drive, kind of like Bitlocker does on Company Laptops.
I found a few things, but no clear answer somehow everything I found said something totally different.

Anyone has a working setup and has some insights if it is somehow possible? Which doesn’t require the hassle of typing in twice the password or changing the key after every update?


Yes, see the Arch wiki page:


and the recent ArchConf 2020 talk “Protecting secrets and securing the boot process using a Trusted Platform Module (TPM)”,

1 Like

But that would mean you have to manually recalculate the key after every Update right? I mean how can you avoid this hassle? Cause this isn’t practical at all.