The benefit is to not type encryption password on every boot. TPM stores the encryption key and Secure Boot ensures that the system is not tampered.
replyThat said, I think that it's better to use alternative approach. Use unencrypted signed system partition which presents login screen. After user typed their username and password, only user home gets decrypted. This scheme does not require TPM and only uses secure boot to ensure that system partition has not been altered. I think that macOS uses similar approach.
Kinda like how I have it set up in linux except the system partition is the uki and the user password is LUKS2 passphrase
replyAnti theft
reply