Nit: It's useful to distinguish between passwords (checked against a hash for auth) and passphrases (used for decryption). It's an important practical distinction because a lost password can in general be bypassed out-of-band somehow while a backup strategy for passphrases is essential.
A more common definition of passphrase is a password which is a phrase, which makes it longer but also more predictable in its structure.
Similar prompts for decryption will ask you for passwords in most cases as non-technical users shouldn't need to understand the underlying technical differences (nor do they normally want to, or do).
- I'm only using a long password
- but it would be optimal to require PCR values and password
Note that in any case where you use PCR values you always should set up a secondary way to unlock the partition. Or else you will lose your data if some of your hardware measured into a PCR breaks.
Requiring both is optimal as it 1. doesn't rely on TPM/PCRs but 2. prevents certain attack vectors possible with password only but not possible with PCRs. Though you now also have to manage a backup unlock method. Which is annoying. And the security benefits are negligible/irrelevant for most people. Which is why I don't use it.