Configure TPM2 to automatically unlock LUKS encrypted drive during boot on Ubuntu Server

This is a step-by-step document to help you set up unlocking a LUKS partition with Clevis. The Arch Linux Wiki describes the built-in support for unlocking LUKS without requiring Clevis, but those steps are not entirely clear.

Step 1: Install Clevis packages and refresh the TPM permissions

$ sudo -i
# apt install clevis clevis-tpm2 clevis-luks clevis-udisks2 clevis-systemd clevis-initramfs -y
# udevadm trigger

Step 2: Find which banks are available in the TPM

# tpm2_pcrread

The output lists the PCR banks by hash algorithm. If a hash has no numbered PCR entries under it, that bank is unusable. SHA256 is a good hash algorithm and should cover most cases.

To find the encrypted drive path, try the following command on each of your partitions:

# cryptsetup luksDump /dev/sda1

Step 3: Add a key to LUKS partition from Clevis, tied to the TPM

# clevis luks bind -d /dev/sda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,1,7"}'

You can use any PCRs you like, but the recommendation is to use a number of at least 7. Also make sure to update the partition to your specific drive; this should be the root partition of your Ubuntu install. You can store the keys for all other partitions in this partition so that the other partitions also unlock. Only the root partition requires the TPM auto-unlock.

Step 4: Update the Initramfs

# update-initramfs -u -k 'all'
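As an added example (not part of the original gist), the following script ties steps 2 and 3 together: it parses tpm2_pcrread output to find which banks actually carry PCR values, refuses a bank with no entries, and prints the exact clevis luks bind command for review instead of running it. It assumes the YAML-style output of tpm2-tools 4.x/5.x (bank headers like "  sha256:", entries like "    0 : 0x..."); the sample output embedded below is constructed.

```shell
#!/bin/sh
# Constructed sample of tpm2_pcrread output: sha1 and sha256 have values,
# sha384 and sha512 are present but empty (and therefore unusable).
SAMPLE_PCRREAD='  sha1:
    0 : 0x1B1F0F0D5BE4C0F4A08F1E4ABFD1A3F5A8C9E3E2
    7 : 0x2E1A3B5C7D9F0A1B2C3D4E5F6A7B8C9D0E1F2A3B
  sha256:
    0 : 0x0000000000000000000000000000000000000000000000000000000000000000
    1 : 0x1111111111111111111111111111111111111111111111111111111111111111
    7 : 0x2222222222222222222222222222222222222222222222222222222222222222
  sha384:
  sha512:'

# usable_banks: read tpm2_pcrread output on stdin and print each bank name
# that has at least one "<index> : 0x..." PCR entry beneath it.
usable_banks() {
    awk '
        /^[ \t]*[A-Za-z0-9_]+:[ \t]*$/ { bank=$1; sub(/:$/, "", bank); next }
        /^[ \t]*[0-9]+[ \t]*:[ \t]*0x/ && bank != "" { seen[bank]=1 }
        END { for (b in seen) print b }
    ' | sort
}

# bank_usable BANK: succeed only if BANK (stdin = tpm2_pcrread output) has values.
bank_usable() {
    usable_banks | grep -qx "$1"
}

# clevis_pin_config BANK PCR_IDS: the JSON passed to "clevis luks bind ... tpm2".
clevis_pin_config() {
    printf '{"pcr_bank":"%s","pcr_ids":"%s"}' "$1" "$2"
}

# bind_cmd DEV BANK PCR_IDS: validate the bank against tpm2_pcrread output on
# stdin, then print the bind command so it can be checked before it is run.
bind_cmd() {
    dev=$1; bank=$2; pcrs=$3
    if ! bank_usable "$bank"; then
        echo "bank $bank has no PCR values in this TPM; choose another bank" >&2
        return 1
    fi
    printf "clevis luks bind -d %s tpm2 '%s'\n" "$dev" "$(clevis_pin_config "$bank" "$pcrs")"
}

# Demo against the constructed sample; on a real host use: tpm2_pcrread | bind_cmd ...
printf '%s\n' "$SAMPLE_PCRREAD" | usable_banks
printf '%s\n' "$SAMPLE_PCRREAD" | bind_cmd /dev/sda3 sha256 0,1,7
```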