TPM support on Linux (for drive encryption) is getting better with tools like clevis. Additionally, systemd can do a ton of cool things with TPM, and projects like dm-verity can make linux's boot process more locked down than Windows.

I personally will always use a passphrase for device encryption.