Preventing user password brute forcing?

I've been experimenting with various distros for a while, and I've recently been trying out secureblue. One feature of secureblue is a built-in LUKS TPM unlock feature, which allows a user to boot without typing in their LUKS passphrase. I understand that it's less secure than just the passphrase, but I like it because I reboot fairly often and enjoy not typing it each time.

The problem is that if someone gains physical access to my device, then they (as far as I'm aware) have unlimited attempts to guess my user password, which is considerably less complex.

I'm wondering if there's a way to have my system prevent such an issue. Would it be possible for the system to just shut down with TPM unlock disabled after too many attempts? Or perhaps the system could shred the LUKS encryption key after too many consecutive attempts (similar to what iPhones have)?

… buskill

1 Like

Authentication on Linux is usually done with PAM, and it can lock the account after several failed attempts using pam_faillock(8).

It might not directly answer your question, but my understanding is that if a malicious actor does have access to your device for a fair amount of time, there is generally a way to get what he wants.
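
An added example, not part of any reply above: a shell script that reads a `faillock.conf` and prints the lockout policy `pam_faillock` would apply, filling in the defaults documented in faillock.conf(5). The sample config is constructed; the warning reflects that the default tally directory `/var/run/faillock` is normally on tmpfs, so failure counts do not survive a reboot.

```bash
# Added example (not from the thread): show the effective pam_faillock policy.
# Defaults are the ones documented in faillock.conf(5).
faillock_effective() {   # usage: faillock_effective FILE KEY
    local file=$1 key=$2 default
    case $key in
        deny)          default=3 ;;
        fail_interval) default=900 ;;
        unlock_time)   default=600 ;;
        dir)           default=/var/run/faillock ;;
        *)             default=unset ;;
    esac
    awk -v k="$key" -v d="$default" '
        { sub(/#.*/, "")                        # strip comments
          n = index($0, "=")
          name = n ? substr($0, 1, n - 1) : $0
          val  = n ? substr($0, n + 1) : "set"  # bare flag such as even_deny_root
          gsub(/^[ \t]+|[ \t]+$/, "", name)
          gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (name == k) v = val }              # last occurrence wins
        END { print (v == "" ? d : v) }' "$file"
}

# Summarise the policy; return 1 when failure records will not survive a reboot.
faillock_audit() {
    local file=$1 dir unlock rc=0
    dir=$(faillock_effective "$file" dir)
    unlock=$(faillock_effective "$file" unlock_time)
    echo "lock after $(faillock_effective "$file" deny) failures within $(faillock_effective "$file" fail_interval)s"
    case $unlock in
        0|never) echo "unlock: only by an admin (faillock --user NAME --reset)" ;;
        *)       echo "unlock: automatic after ${unlock}s" ;;
    esac
    echo "root lockout (even_deny_root): $(faillock_effective "$file" even_deny_root)"
    case $dir in
        /run/*|/var/run/*)
            echo "WARN: $dir is normally tmpfs, so a reboot clears the failure count"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample config, not taken from any real system.
SAMPLE_CONF=$(mktemp)
printf '%s\n' 'deny = 5' 'unlock_time = 0   # never unlock automatically' 'even_deny_root' > "$SAMPLE_CONF"
faillock_audit "$SAMPLE_CONF" || true
```

Run it against `/etc/security/faillock.conf` to see what the installed policy amounts to. With TPM auto-unlock the disk opens on every boot, so the `dir` warning is the one that matters for the physical-access case in the question.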