In my case, I use SecureBoot to check the boot image's signature (contains the kernel + initrd + boot params). Then it starts everything from an LVM that lives on top of LUKS. I always have to type in the password (never bothered to get the TPM working), but I don't see why the TPM wouldn't be able to do it.
From the system boot point of view, it just starts an OS. The OS will then proceed to load some data in RAM. It's its business whether this is "fresh" data for a new boot, or "old" data from the last boot.
In my case, I use SecureBoot to check the boot image's signature (contains the kernel + initrd + boot params). Then it starts everything from an LVM that lives on top of LUKS. I always have to type in the password (never bothered to get the TPM working), but I don't see why the TPM wouldn't be able to do it.
From the system boot point of view, it just starts an OS. The OS will then proceed to load some data in RAM. It's its business whether this is "fresh" data for a new boot, or "old" data from the last boot.