Had fun at #OSSSummit in Tokyo yesterday demonstrating a TPM interposer attack obtaining the systemd cryptenroll boot keys
And also explaining how the new Linux Kernel TPM patches can help defeat this
For those who asked, my python3 interposer designed to steal the keys is here:
https://git.kernel.org/pub/scm/linux/kernel/git/jejb/tpm2-interposer.git/