...
/persist/unsealed-vault is a future location which will be encrypted using a key stored in the TPM but not sealed under the PCRs. In the future we can move things which are needed during a post-update boot before re-attestation to this unsealed vault, such as /persist/status/nim/DevicePortConfigList/ which keeps the network configuration across device reboots.
Under those three directories we will in principle have sub-directories as follows, but the use of the future /persist/unsealed-vault is TBD.
Volumes
In /persist/vault/volumes/ and /persist/clear/volumes
...