Figure out missing bits for LUKS unlock via TPM
The current support for disk encryption in Anaconda relies on the user providing a password. We want to keep this as is but also offer the option to unlock the disk automatically when possible using the TPM if available.
If the user want to setup TPM based LUKS unlocking, they currently have to rebuild their initramfs as it does not include all the needed tools.
We should figure out why this is the case and either include those tools by default and file bugs upstream to ask them to consider including them by default.
See:
- https://github.com/fedora-silverblue/silverblue-docs/pull/176
- https://github.com/fedora-silverblue/issue-tracker/issues/369
- https://github.com/fedora-silverblue/issue-tracker/issues/409
- https://github.com/fedora-silverblue/issue-tracker/issues/431
- https://fedoramagazine.org/use-systemd-cryptenroll-with-fido-u2f-or-tpm2-to-decrypt-your-disk/