Having read poetterings blog posts a bit and he explains that the TPM2 based encryption is entirely just for system resources (basically everything under / with exception of /home). For home he still “envisions” (its already possible and not really hard with sd-homed) that the encryption is based on the users passphrase/key/whatever and not unlockable by anyone else than the users passphrase/…