Comment by embedding-shape

Agreed. We need legally enforceable standards granting owners full control of their devices.

But also: TPMs could be used to prevent evil maid attacks and to make it uneconomical for thieves who stole your device to also steal your data. It makes it possible for devices to remotely attest to their owners that the OS has not been compromised, which is relevant to enterprise IT environments. There are a lot of good uses for this technology, we just need to solve the political problems of aggressive copyright, TIVOization, etc.

> The purpose of secure enclave is to prevent administrator from accessing the data

Not only, it has many purposes. I'm also the administrator of my computer, and some things I want to be unchangable by software, unless I myself unlock it, like I don't want anyone to be able to boot or install other OSes than the ones I've installed myself. The secure enclave and secure boot is perfect for this, even if my computer gets malware they won't be able to access it, and even if someone gets physical access to my computer, they won't be able to boot their OS from a USB.

The false assumption in your argument IMHO is the assumption that none of the software on your device will ever betray you or contain an exploitable security hole. In actuality, it is useful from time to time to be able to run software you cannot completely trust such that the software cannot access all the data on the device (because the untrusted software cannot access your enclave).

But I do want to secure my encryption keys on my device from someone who steals my device.

Any feature controlled by the owner of the computer is good; features controlled by anyone else like the manufacturer can be bad. And note that in this viewpoint, leasing makes you temporary owner.