Hacker News

rasengan today at 5:04 AM | 4 replies

> TPM-backed full-disk encryption

This is going to be very useful for servers hosted in third party DCs.


Replies

Daviey today at 5:51 AM

Keeping the key in the same room as the padlock only protects against casual drive theft and secure disposal.

Personally I'm more worried about someone stealing the entire server or a local threat actor.

Sure, keep TPM to help with boot integrity, maybe even as a factor for unlock, but things like Clevis+Tang (or BitLocker Network Unlock for our Windows brethren) are essential in my opinion.

djkoolaide today at 5:30 AM

The beta installer was completely unsuccessful in setting the TPM-backed disk encryption on both a ThinkPad X1 Carbon (Intel 258V) and a ThinkPad P14s (AMD 300-something). Hopefully they ironed that part out in the release, but it seems still early for this feature (at least for my comfort level).

Gigachad today at 5:59 AM

I want this on my own homeserver. Protection against someone stealing the server without requiring me to type a password every boot.

senectus1 today at 5:37 AM

Oh man, I hope this works on Dell laptops.