Looking into viability of adding support for TPM-backed encryption of /config data
Various factors to consider:
- Which PCRs to require to ensure hardware/software integrity (End user configurable?)
- Handling failed config decryption on boot (Fallback config?)