Is there any support in OpenBSD, or indeed any Unix-based desktop/server operating system, for storing key material in a TPM?

Windows has this, and it permits booting without a passphrase being entered, but the disk will still be encrypted at rest.

https://access.redhat.com/documentation/en-us/red_hat_enterp...

Looks like clevis is gpl3 - so I expect it's not packaged as standard for any of the bsds?

https://github.com/latchset/clevis

See also:

Ed: and: https://github.com/kmille/cryptboot

https://security.stackexchange.com/questions/194081/use-tpm2...

https://security.stackexchange.com/questions/39329/how-does-...

https://superuser.com/questions/619721/can-i-use-the-tpm-on-...