> And downsides, especially for corporate usage you don't want your data protected by device keys if they aren't set by yourself or replicated elsewhere.
It's a solved problem in corporate environments.
> But it is a security risk to deploy such keys on local machines in the first place in many circumstances.
That's a massive stretch and no normal corporation agrees with that statement.
> No, I disagree.
Other people's threat models are not something you can disagree with.
> If you assume your system is compromised on that level your device encryption will be bypassed via the same channel.
Well not really, it's not a bypass. Continuous abuse of a compromised machine is significantly noisier than exfiltrating the keys needed and then abusing those. Plus you can't touch anything that would change TPM measurements, or you'll lock yourself out. It's much more cumbersome.
It's a solved problem in corporate environments.
> But it is a security risk to deploy such keys on local machines in the first place in many circumstances.
That's a massive stretch and no normal corporation agrees with that statement.
> No, I disagree.
Other people's threat models are not something you can disagree with.
> If you assume your system is compromised on that level your device encryption will be bypassed via the same channel.
Well not really, it's not a bypass. Continuous abuse of a compromised machine is significantly noisier than exfiltrating the keys needed and then abusing those. Plus you can't touch anything that would change TPM measurements, or you'll lock yourself out. It's much more cumbersome.