Lennart was working on this a while ago in systemd. I'm not sure how far along it is. Could git clone it and then:
git log --grep=TPM2
I'm not sure how to do case insensitive with git's grep. I know he was also working on security key support for sd-homed and possible sd-cryptsetup.
Anyway, this is something Workstation WG has been looking at in particular for encrypting system root. That way a user entered passphrase isnt needed to boot. And the user login passphrase unlocks just that user's home.
--
Chris Murphy