TPM is a fantastic addition to motherboards. But I have read some bitlocker papers and they tell me that if you choose TPM + PIN protection, then the PIN does not become part of the key, it is simply used by the chip as an additional security measure. When I understood this thing, I got stunned, because it doesn’t make sense to me, it would have been much safer and much easier to implement, to use the PIN as part of the key or to encrypt the key saved in the TPM with the hash of the PIN. In fact, since the TPM is only a physical solution, attacks have been made against it and the fact that it is protected by a PIN or not, if the chip is broken, for example, with a good electron microscope, is irrelevant. While with the implementation I said before, which is apparently the most logical (correct me if I’m wrong), there is a protection based on mathematics plus TPM helps for keyloggers and rootkits. I understand that normally the TPM + PIN is used for enemies like thieves etc … where it is more than enough. But as I said before, nothing would change for the end user, it would be easier to implement, and safer, therefore also suitable for other purposes. So why was this choice made?
Are there alternatives to bitlocker that use the method described by me? I have seen that LUKS and veracrypt still have very limited support for the chip, therefore still far from using the PIN at the same time.