My LUKS-encrypted disk kept asking for a password every time I booted back from Windows. Here’s how TPM PCR registers work, why PCR 7 breaks in dual-boot, and the auto re-enrollment service I built to fix it.

How I built a fully keyless CI/CD pipeline from GitLab to Google Cloud, with Workload Identity Federation, Binary Authorization, vulnerability scanning, and progressive delivery. No service account keys were harmed.