The speaker, Ahmad Fatoum, discusses the use of trusted key storage in Linux for disk encryption. He explains that disk encryption is usually achieved through dm-crypt, which maps a physical device to a virtual device and applies encryption. The encryption key is stored in memory or on a USB stick, or is entered by the user. For unattended boots in embedded systems, however, an automated solution is needed. Ahmad introduces the concept of trusted storage, such as TPMs, which securely store the encryption key on-chip or off-chip. He explains how the kernel's trusted key subsystem can be used to securely decrypt the encryption key and store it in the kernel keyring. Ahmad also discusses the generalization of trusted keys to support other hardware, such as secure enclaves, trusted execution environments, and crypto units inside SoCs. He mentions the use case of certificate storage and the need for secure, encrypted storage of client certificates. Ahmad concludes the talk with future work, such as adding trusted key support to other disk encryption systems and file systems, and discusses the possibility of combining hardware keys with user authentication methods.
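The flow summarized above (a kernel-generated key, a sealed blob kept on disk, unsealing into the keyring at boot, and dm-crypt referencing the key by name) is sketched below with `keyctl` and `dmsetup` as an added example that is not taken from the talk. The key name `kmk`, the `@u` keyring, the blob file and the device path are assumptions, and the kernel needs a trusted-key backend plus dm-crypt support for the `trusted` key type.

```shell
#!/bin/sh
# Added example; key name, keyring and paths are assumptions, not from the talk.
KEYRING="@u"          # a keyring the dmsetup process can search (assumption)

# Trusted keys are 32..128 bytes; the name is placed unquoted in the table,
# so restrict it to a conservative character set.
valid_key() {         # valid_key NAME BYTES
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 32 ] && [ "$2" -le 128 ]
}

# Provisioning: the kernel generates the key and the trust source seals it.
# Only the sealed blob reaches userspace, so it can be kept on plain storage.
provision_key() {     # provision_key NAME BYTES BLOBFILE
    valid_key "$1" "$2" || return 1
    id=$(keyctl add trusted "$1" "new $2" "$KEYRING") || return 1
    (umask 077; keyctl pipe "$id" > "$3")
}

# Every later boot: hand the blob back; unsealing happens inside the kernel.
load_key() {          # load_key NAME BLOBFILE
    valid_key "$1" 32 || return 1
    keyctl add trusted "$1" "load $(cat "$2")" "$KEYRING" >/dev/null
}

# dm-crypt table line that references the key by keyring name
# (:<size>:<type>:<description>) instead of embedding hex key material.
crypt_table() {       # crypt_table SECTORS DEVICE NAME BYTES [CIPHER]
    valid_key "$3" "$4" || return 1
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    printf '0 %s crypt %s :%s:trusted:%s 0 %s 0\n' \
        "$1" "${5:-aes-xts-plain64}" "$4" "$3" "$2"
}

# Unattended unlock: load the blob, then map the encrypted device.
unlock() {            # unlock MAPPING DEVICE NAME BYTES BLOBFILE
    load_key "$3" "$5" || return 1
    table=$(crypt_table "$(blockdev --getsz "$2")" "$2" "$3" "$4") || return 1
    dmsetup create "$1" --table "$table"
}
```

Source the file, run `provision_key` once during device provisioning, and call `unlock` from the initramfs or an early boot unit on each start.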