That is known pretty well: The TPM won't release the the volume key unless the correct PIN is presented to the TPM.
replyThe only evidence I have seen was this article that another user in the thread shared:
replyhttps://blog.scrt.ch/2024/10/28/privilege-escalation-through...
Not saying you're wrong, I'm just not sure how well known it really is.
Either way... if the TPM is the one gating the key behind a PIN, I really don't see how an OS-level exploit can work without knowing the PIN in advance.