Is there any support in OpenBSD, or indeed any Unix-based desktop/server operating system, for storing key material in a TPM?
Windows has this, and it permits booting without a passphrase being entered, but the disk will still be encrypted at rest.
Interesting question. I think so?
https://access.redhat.com/documentation/en-us/red_hat_enterp...
Looks like clevis is GPLv3 - so I expect it's not packaged as standard for any of the BSDs?
https://github.com/latchset/clevis
See also:
Ed: and: https://github.com/kmille/cryptboot
https://security.stackexchange.com/questions/194081/use-tpm2...
https://security.stackexchange.com/questions/39329/how-does-...
https://superuser.com/questions/619721/can-i-use-the-tpm-on-...