On 7/30/23 12:59, Martin Winter wrote:
> Gary Lin wrote:
>> Hi,
>> I'm pleased to introduce a new feature for openSUSE Tumbleweed:
>> disk auto-unlocking with TPM 2.0.
>> In short, it boots the encrypted root without asking for a passphrase.
>
> What is the actual use case for that? I'm encrypting my disk to protect it in case the notebook gets stolen or otherwise lost. When it is auto-unlocked, everybody with access to my computer can read the data.
>
> Or am I missing something? Is there another protection mechanism before the disk is unlocked?

I, too, wondered why encrypt the disk if the TPM gives the key out - that does not make sense to me.

If it is "well, the password prompt will save you" - no, if I have access to the grub menu, I can single user in and change all the passwords.

Not a good idea to me either.