I agree with you. In fact, I always say that encryption with TPM makes no sense: I have to trust a closed part, and that is never good in cryptography. Never combine LUKS with TPM, for example. By this I mean that I prefer a Linux machine with LUKS to a macOS one with FileVault + security chip. But that does not mean that macOS has a good architecture and is a model to follow in many things. As I say, I invite you all to try Fedora Silverblue; for me it is the model to follow for Linux: Secure Boot + SELinux + immutable system image + Flatpak.