Full Disk Encryption w/ TPM2 on Kali
Short HOWTO about setting up Full Disk Encryption with unattended auto-unlock using TPM2 on Kali.
Useful for rogue devices (auto-connecting to C2), headless pentest boxes, etc. that store confidential information but lack physical security.
NOTE: To maintain integrity and protect the encryption key, hardening the boot process with Secure Boot is a must. To make Secure Boot work (without messing up the default UEFI keys stored in the hardware), the Microsoft-signed UEFI shim loader (available in the Kali repo) is used, which can securely load an arbitrary ELF image as 2nd stage
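
A preflight check for the two prerequisites named above (active Secure Boot and a TPM 2.0 chip), as an added example that is not part of the original HOWTO. The `SYSROOT` override and the function names are assumptions made for illustration; it assumes GNU `od` and a kernel that exposes `tpm_version_major` in sysfs.

```shell
#!/bin/sh
# Preflight for TPM2-backed auto-unlock: is Secure Boot active and a TPM 2.0 usable?
# SYSROOT (hypothetical) lets the checks run against a constructed tree; empty = live system.

EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efivarfs files start with 4 attribute bytes; the 5th byte is the variable's value.
efi_flag() {
    f="${SYSROOT:-}/sys/firmware/efi/efivars/$1-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || { echo missing; return; }
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# Prints: enabled | setup-mode | disabled | no-uefi
secure_boot_state() {
    sb=$(efi_flag SecureBoot)
    sm=$(efi_flag SetupMode)
    if [ "$sb" = missing ]; then
        echo no-uefi        # legacy BIOS boot or efivarfs not mounted
    elif [ "$sm" = 1 ]; then
        echo setup-mode     # no platform key enrolled, nothing is enforced
    elif [ "$sb" = 1 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Prints: tpm2 | not-tpm2 | none
tpm_state() {
    d="${SYSROOT:-}/sys/class/tpm/tpm0"
    [ -d "$d" ] || { echo none; return; }
    ver=$(cat "$d/tpm_version_major" 2>/dev/null || echo unknown)
    # /dev/tpmrm0 is the kernel resource manager device that userspace tools talk to
    if [ "$ver" = 2 ] && [ -e "${SYSROOT:-}/dev/tpmrm0" ]; then
        echo tpm2
    else
        echo not-tpm2
    fi
}

# Succeeds only when both prerequisites hold; sealing a key otherwise gives no protection.
preflight() {
    sb=$(secure_boot_state)
    tpm=$(tpm_state)
    echo "secure-boot=$sb tpm=$tpm"
    [ "$sb" = enabled ] && [ "$tpm" = tpm2 ]
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` on the target box before sealing the disk key; a non-zero exit means the key would be bound to a boot chain that is not actually being verified.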