I think using credentials for the rootfs is not very useful; the user already enters the
LUKS password on boot. Also, if the encryption keys are not stored locally, then they have
no use; an attacker can just get them from the external storage. Many users also would not
like needing an attestation service to boot either. If the encryption keys need to only be
revealed on a trusted boot, then they should be stored in the TPM.