The exploit developer themselves say [1] TPM+PIN is vulnerable, though no public PoC.

I’m skeptical of that claim. The key material presumably is inaccessible even to the OS without the passcode.

	▲	ranger_danger an hour ago \| parent [-]
		> presumably That's the thing, we don't actually know how involved the PIN is in relation to the key... it might be completely separate (and hence bypassable). Similarly I also wonder if password-based pre-boot auth is affected.