Comment by luma
4 months ago
More recently, TPM and the systems surrounding it are being effectively used for attestation of the entire OS and driver stack at boot time, from UEFI up to a running OS. DRM sucks, but I do appreciate having some degree of hardware-level defense against rootkits or other advanced malware.
Practically, though, those systems seem to be pretty weak and are always getting broken; the TPM itself is another place where malware can hide, so it's not clear to me that the benefits could ever outweigh the risks.
TPM itself is a simple data container with slow encryption/decryption capabilities. It cannot hide anything really.
You might have mistaken it for, say, Intel ME and the AMD equivalent.