Secure key handling using the TPM

The original use case for NBDE was servers in a data center or VPN environment. The addition of TPM2 support adds more security - you can require both TPM and a network server - and opens up new use cases like desktops and laptops. The PIN base architecture of the Clevis client provides a flexible way to add new ways to unlock keys, and the policy capability of Clevis allows you to use multiple PINs.