Hi,
I was thinking how to prevent Intel Management and other secret manufacturer features from possibility of stealing keys to decrypting partition. Would that be possible to add second factor/seed from external device (for example pendrive) that will too big to capture it by other chip? Let’s say 250GB (Event if it will will eventually capture it we will easily see such traffic on network), and of course encryption would also have to happen again before shutting down computer but with different key.