TPM is a dedicated chip or firmware enabling hardware-level security, housing encryption keys, certificates, passwords, and sensitive data, “and shielding them from unauthorized access,” Microsoft senior product manager Steven Hosking wrote last month, declaring TPM 2.0 to be “a non-negotiable standard for the future of Windows.”
If you were willing to make a fundamental change, one possible outcome: migrate your internal instance from Gogs to Forgejo and use Codeberg for your public FOSS as it runs on (a slightly patched) Forgejo. The gain is working with the same tooling on both sides and possibly gaining a runner (Action) locally if you spend the time to learn and set it up on your internal instance. Bonus idea: you could even make your public Codeberg FOSS repo a push-mirror from your internal server and let the Forgejos keep things in sync between the two.