TPM
I think this is the author's first mistake: why would you keep the decryption secret on the system you want to encrypt? Maybe commercial OSes are more native to this because those systems do a lot of senseless things anyway...
The real problem is that you can't decrypt something without communicating the secret to the thing you've encrypted. YubiKeys are great for auth because it's just a signature and the secret never leaves the YubiKey... but you can't do this with encryption.
This leaves you entering some type of secret into the keyboard, even if that's just a PIN to another secret, which sucks in the case of laptops because unless you're in a SCIF there are cameras and microphones everywhere logging your keystrokes.