Intel's Baking TPM 2.0 Support For Linux

  • #11
    Don't know nature of previous case

    Originally posted by brosis View Post
    Child pornography? Drug production? Weapon smuggling? Human trafficking? Just curious.. Also the term "surveillance" is not applicable to TPM, TPM is for data protection - as it is manufactured on a commercial basis, companies will be forced to provide government access in any case, in any country on this planet. This is government - and those are commercial companies paying taxes, after all.
    Don't know what they were prosecuting, but kiddie porn cases are often the thin end of the wedge to get the public to accept tools that will later be aimed at political dissidents, people who won't unlock their laptop for TSA, etc. Remember that the US government accused Occupy of being "terrorist" in internal memos and that the "terrorism" watchlist here has been revealed to contain more than 1.1 million names of mostly nonviolent people. Since I consider the US government my primary adversary from a data security standpoint, that means that any technology manufactured by an ally of theirs is untrusted. Hell, I don't even know for sure that CPUs don't contain anti-encryption backdoors, only that if they do, nobody has ever been sent to prison using data gained by unlocking a disk that way, admitted into open court and then covered by a news source I use. They either don't have it or can't admit to having it, which in the end are the same thing.

    TPM modules might follow that example, or might follow the ATA security set example, and I have no clue which, so there is no point developing my own software around using a TPM unless I can make my own TPM, which I cannot unless and until 3-D printers can work small enough to fab a chip.

    Comment


    • #12
      Hooray for more TPM weirdness!

      I don't know how long I keep warning people about technologies like this. It seems hopeless.

      There is one side: crypto accelerator ASICs. That can be a nice thing because it can help the user. As long as the ASIC is not compromised somehow (weak RNG, backdoors, algorithm weaknesses).
      Anyhow, last time I heard about it these things were known to be horribly slow.

      The other side is: crypto functions that work against the user. Means to enforce DRM. Restrictions to the user. First a baby of the content mafia now also being usable for censorship and control by political forces.

      So we do have some kernel driver? And? Does that thing really cover the chip so we users are the lords of our hardware again?
      Especially Intel has never been friendly towards projects like coreboot. Instead they wanted to force their UEFI crap down users' throats. A firmware so huge that it is just ridiculous. Firmware with the size of a monolithic OS kernel operating at the lowest level, the first thing to be executed once the CPU registers see electric power. Things like SMM transparent to user and OS. What do we know about this binary blob firmware? What does it do? Not just behind our backs but in front of our eyes even, invisibly? Secure Boot? A nice means for firmware to use all sorts of mechanisms, also these TPM chips, to make sure nothing else than Genuine Microsoft Windows 8 is being booted. Dongling and welding together software and hardware. And, doesn't UEFI have a whole network stack? Uuuh, maybe even things like TR-069 for remote control. Backdoor par excellence.

      We should be really careful and be watching our steps.
      Because once established, things are hard to get rid of. And even if something might not seem to carry harmful intentions at first, the thing might arouse certain desires in politicians.

      As an example: Here in "good old Germany" we have a so-called "Maut" (street toll) system (established in most other countries for longer) that uses cameras on bridges or special stations (well, basically a metal frame over the Autobahn like it is used for traffic signs) and "on board units" on trucks. Thing was that the cameras scanned every license plate of cars that drove by. So by that in theory you would have total Autobahn surveillance. Of course they said it was only to collect the fees from the trucks automatically. Yeah sure. You could count the minutes until some politician screamed bloody murder we need this to ... do everything else that was not intended (or not officially intended). Probably he also mentioned "think about them children! Why doesn't anybody fink about them fricken children?!!!11111"
      Tadaaa! And nobody could argue against that anymore, otherwise you are automatically a child molester.

      It works universally. Establish something that gives you potential control / access to everybody. Pretend it is only for one purpose (smart meters anyone? "Internet of things" (net connection in your smart fridge)) and of course your privacy will not be harmed blah blah. Then let the people pay the bill. Of course you pay your own hangman! Then, some time later, have something happen. Scream bloody murder and demand the system you established can't be just lying around; you^H^H^H WE must use it now for more purposes. Mention the words "terrorism" and "children". And say that anybody against your plans must automatically be a terrorism-supporting child molester. Repeat with the next step. Repeat until you are almighty.

      It all happened before. But people just don't learn from history.
      Stop TCPA, stupid software patents and corrupt politicians!

      Comment


      • #13
        Originally posted by Adarion View Post
        As an example: Here in "good old Germany" we have a so-called "Maut" (street toll) system (established in most other countries for longer) that uses cameras on bridges or special stations (well, basically a metal frame over the Autobahn like it is used for traffic signs) and "on board units" on trucks. Thing was that the cameras scanned every license plate of cars that drove by. So by that in theory you would have total Autobahn surveillance. Of course they said it was only to collect the fees from the trucks automatically. Yeah sure. You could count the minutes until some politician screamed bloody murder we need this to ... do everything else that was not intended (or not officially intended). Probably he also mentioned "think about them children! Why doesn't anybody fink about them fricken children?!!!11111"
        Tadaaa! And nobody could argue against that anymore, otherwise you are automatically a child molester.
        This example is also prominent by the fact that the German government and high court are extremely hostile to video registrators, especially dash cams. Even knowing that they all film in a loop and only the private street path of the owner's vehicle (not surveillance at all, since surveillance is target focused) and have proven themselves to deliver Nr 1 independent evidence, they use the "privacy vector" to label them near illegal. In Austria they ARE illegal, with NO people whatsoever understanding why.

        Comment


        • #14
          To each move there is a counter

          Originally posted by Adarion View Post
          Hooray for more TPM weirdness!

          I don't know how long I keep warning people about technologies like this. It seems hopeless.

          There is one side: crypto accelerator ASICs. That can be a nice thing because it can help the user. As long as the ASIC is not compromised somehow (weak RNG, backdoors, algorithm weaknesses).
          Anyhow, last time I heard about it these things were known to be horribly slow.

          The other side is: crypto functions that work against the user. Means to enforce DRM. Restrictions to the user. First a baby of the content mafia now also being usable for censorship and control by political forces.

          So we do have some kernel driver? And? Does that thing really cover the chip so we users are the lords of our hardware again?
          Especially Intel has never been friendly towards projects like coreboot. Instead they wanted to force their UEFI crap down users' throats. A firmware so huge that it is just ridiculous. Firmware with the size of a monolithic OS kernel operating at the lowest level, the first thing to be executed once the CPU registers see electric power. Things like SMM transparent to user and OS. What do we know about this binary blob firmware? What does it do? Not just behind our backs but in front of our eyes even, invisibly? Secure Boot? A nice means for firmware to use all sorts of mechanisms, also these TPM chips, to make sure nothing else than Genuine Microsoft Windows 8 is being booted. Dongling and welding together software and hardware. And, doesn't UEFI have a whole network stack? Uuuh, maybe even things like TR-069 for remote control. Backdoor par excellence.

          We should be really careful and be watching our steps.
          Because once established, things are hard to get rid of. And even if something might not seem to carry harmful intentions at first, the thing might arouse certain desires in politicians.

          As an example: Here in "good old Germany" we have a so-called "Maut" (street toll) system (established in most other countries for longer) that uses cameras on bridges or special stations (well, basically a metal frame over the Autobahn like it is used for traffic signs) and "on board units" on trucks. Thing was that the cameras scanned every license plate of cars that drove by. So by that in theory you would have total Autobahn surveillance. Of course they said it was only to collect the fees from the trucks automatically. Yeah sure. You could count the minutes until some politician screamed bloody murder we need this to ... do everything else that was not intended (or not officially intended). Probably he also mentioned "think about them children! Why doesn't anybody fink about them fricken children?!!!11111"
          Tadaaa! And nobody could argue against that anymore, otherwise you are automatically a child molester.

          It works universally. Establish something that gives you potential control / access to everybody. Pretend it is only for one purpose (smart meters anyone? "Internet of things" (net connection in your smart fridge)) and of course your privacy will not be harmed blah blah. Then let the people pay the bill. Of course you pay your own hangman! Then, some time later, have something happen. Scream bloody murder and demand the system you established can't be just lying around; you^H^H^H WE must use it now for more purposes. Mention the words "terrorism" and "children". And say that anybody against your plans must automatically be a terrorism-supporting child molester. Repeat with the next step. Repeat until you are almighty.

          It all happened before. But people just don't learn from history.
          Hacking and general life are like judo: each move has its counter. For instance, if you know license plates are read and tracked, it does not matter whether you are a protesting college student or a kiddie porn vendor, you use the same countermeasure: not driving a car to any place you need to be able to deny having been. You switch to a bicycle before entering the danger zone, and there is nothing to photograph. If hardware will only boot Windows, you leave it on the shelf and get something that can run Linux off eBay, buy a Chromebook, build from an unlocked "enthusiast" board that can be found for as low as $80, or even get an old machine from the dumpster.

          OK, suppose they sell Windows-only boards that still have any kind of bus (such as PCI-E) or port allowing DMA access. Once you get on the bus with a device bearing its own chip, you can write to arbitrary locations. This is how "bus pirate" board debugging devices can rescue bricked boards, safely replace malicious firmware, and no doubt replace locked firmware as well. The same principle has been demonstrated with proof of concept code for using a particular network card with a vulnerability to replace its own firmware, then take over a computer. Just as people now have to resort to buffer overflow attacks to root and get control of their own phones, computer owners could use known vulnerable devices deliberately plugged into new boards to "take ownership" of them and root them at the firmware level. For each move its counter, just like in judo.

          To stop bus-level attacks by machine owners deemed "black hats" by Corporate America, they'd have to put the locking code on a mask-programmed ROM somewhere the board vendor could not leave it out, and where the board could not be modified to operate with it removed. Even then they might be vulnerable to modchips, and this does exactly nothing about people they don't like stockpiling unlocked machines like they were guns and ammo.

          Comment


          • #15
            Originally posted by brosis View Post
            It is configured ("locked") at factory.

            To answer your second question - Coreboot with signed images, keys stored on flash media, compared with the master over time. But this is not acceptable, because it would not work for factory-side lockdown. This is a strawman argument.

            1. The actual requirements are more that they are configured to accept certain key types, and that you (a physically present user) can manage keys (add or remove),

            2. And what verifies coreboot? Sure you signed it, but what checks the signature? Maybe use a write-once flash and epoxy the sucker on the board but it's not a repeatable process.

            Comment


            • #16
              Originally posted by Adarion View Post
              Hooray for more TPM weirdness!

              I don't know how long I keep warning people about technologies like this. It seems hopeless.

              There is one side: crypto accelerator ASICs. That can be a nice thing because it can help the user. As long as the ASIC is not compromised somehow (weak RNG, backdoors, algorithm weaknesses).
              Anyhow, last time I heard about it these things were known to be horribly slow.

              The other side is: crypto functions that work against the user. Means to enforce DRM. Restrictions to the user. First a baby of the content mafia now also being usable for censorship and control by political forces.

              So we do have some kernel driver? And? Does that thing really cover the chip so we users are the lords of our hardware again?
              Especially Intel has never been friendly towards projects like coreboot. Instead they wanted to force their UEFI crap down users' throats. A firmware so huge that it is just ridiculous. Firmware with the size of a monolithic OS kernel operating at the lowest level, the first thing to be executed once the CPU registers see electric power. Things like SMM transparent to user and OS. What do we know about this binary blob firmware? What does it do? Not just behind our backs but in front of our eyes even, invisibly? Secure Boot? A nice means for firmware to use all sorts of mechanisms, also these TPM chips, to make sure nothing else than Genuine Microsoft Windows 8 is being booted. Dongling and welding together software and hardware. And, doesn't UEFI have a whole network stack? Uuuh, maybe even things like TR-069 for remote control. Backdoor par excellence.

              We should be really careful and be watching our steps.
              Because once established, things are hard to get rid of. And even if something might not seem to carry harmful intentions at first, the thing might arouse certain desires in politicians.

              As an example: Here in "good old Germany" we have a so-called "Maut" (street toll) system (established in most other countries for longer) that uses cameras on bridges or special stations (well, basically a metal frame over the Autobahn like it is used for traffic signs) and "on board units" on trucks. Thing was that the cameras scanned every license plate of cars that drove by. So by that in theory you would have total Autobahn surveillance. Of course they said it was only to collect the fees from the trucks automatically. Yeah sure. You could count the minutes until some politician screamed bloody murder we need this to ... do everything else that was not intended (or not officially intended). Probably he also mentioned "think about them children! Why doesn't anybody fink about them fricken children?!!!11111"
              Tadaaa! And nobody could argue against that anymore, otherwise you are automatically a child molester.

              It works universally. Establish something that gives you potential control / access to everybody. Pretend it is only for one purpose (smart meters anyone? "Internet of things" (net connection in your smart fridge)) and of course your privacy will not be harmed blah blah. Then let the people pay the bill. Of course you pay your own hangman! Then, some time later, have something happen. Scream bloody murder and demand the system you established can't be just lying around; you^H^H^H WE must use it now for more purposes. Mention the words "terrorism" and "children". And say that anybody against your plans must automatically be a terrorism-supporting child molester. Repeat with the next step. Repeat until you are almighty.

              It all happened before. But people just don't learn from history.
              1. TPMs can't control CPU execution. What they can do is attest or verify whether you're running what you think should be running. Stopping boot can only be done by something in the boot process (BIOS, bootloader, or kernel).

              As for the DRM potential, you can reliably identify the computer you're running on and attest to the software running on it, and that's about it. Many Intel processors already do the unique ID part of this, and the Windows protected pathway mostly does the second. If you don't like DRM baked into your OS, stop using Windows and Mac. Stop buying media encumbered by it.
              Last edited by WorBlux; 20 October 2014, 02:46 AM.

              Comment


              • #17
                Originally posted by Luke View Post
                My motherboards all have TPM sockets, but nowhere can I get a TPM that is itself trusted to plug into them! I have to expect that if I put my disk encryption keys into a TPM made in any country allied to the US, that at least the NSA and possibly the Secret Service as well can gain access to the keys. Thus, no ability to use TPM as a primary defense against "evil maid" keyloggers or BIOS tampering by anyone supported by the US government.

                Some years ago, there was a court case that turned on computer evidence the defendant thought was safely locked away behind an ATA security set hard drive password. Turned out the FBI has some way to bypass that given to them by the hard drive maker, and was able to bypass it almost instantly. Had this not been so, the prosecution would have had to try data recovery by "scraping the platters," which would have taken a lot more time, maybe more than a backed-up "crime lab" would have had available for the case in question. Since we cannot prove that TPM modules do not include preinstalled extra keys owned by the government, we cannot prove this is not also true of the TPM.

                Now a question: does anyone know of a way to keep your own keys in a TPM after signing your firmware, bootloader, kernel, and initramfs with them that would work even if the government has a backdoor into the TPM? Is there anything in how a TPM works that would not only make NSA keys irrelevant to self-signed software but also stop anyone from getting to your keys as though the TPM was just a flash drive with keys written to it and left in the USB port?
                Even assuming a 100% correct and sincere implementation of the TPM, specialized attacks could still get probes into its inner workings and pull out keys, so you ain't going to win if the U.S. of A is out to get you with all they've got. A TPM isn't made to resist physical tampering, but rather just to detect it.

                It likely is possible to create open firmware to run on certain TPM modules as well, or you can use physical tampering (monitoring) to make sure operations only modify the keys that they are supposed to. You probably could have an NSA key in there floating along in parallel with the device's unique root keys, or the randomness of the root keys could purposely be crippled.

                ATA security is at best an inconvenience. https://capec.mitre.org/data/definitions/402.html
                They might have used the default master password as well,
                Solder in a new controller chip

                ATA security isn't a cryptographic protection, which is why it fails so easily. Anyways, once an attacker is close enough to fiddle with your TPM on the fly, you're hosed in 10 other ways anyways (evil FireWire attack, nannycam, keylogger...)

                With physical presence the spec says you should be able to clear the TPM, but never should it be possible to dump it (protected by both software and hardware features of the TPM).

                Comment


                • #18
                  Originally posted by WorBlux View Post
                  1. TPMs can't control CPU execution.
                  But together with other handles installed it can. I might also be stretching the TPM / TCPA and what it stands for a bit over pure TPM 1.2 or 2.0 specifications. Generally DRM cast into hardware.

                  As for the DRM potential, you can reliably identify the computer you're running on and attest to the software running on it, and that's about it. Many Intel processors already do the unique ID part of this, and the Windows protected pathway mostly does the second. If you don't like DRM baked into your OS, stop using Windows and Mac. Stop buying media encumbered by it.
                  Well. 1st, I haven't bought Intel tech for many years now. One reason was the CPU serial number they introduced. Then remote deactivation in chipsets (I can understand one reason there but still think it isn't bright) was another thing. Yes, I do not like DRM. I try to evade DRM before buying anything. Means: DRM-free Humble Bundle, GOG purchases and so on are fine. Problem: BluRay or even DVD is barely available without AACS, CSS, region codes and whatnot. And I am not just speaking for me, I am voicing my disapproval also in favour of the many people who do not know but then find themselves trapped. You know, "normal people". Not /. or heise or phoronix reading nerds.
                  They wonder when suddenly online activation does not work anymore. When something won't play. When they feel the effects of DRM.
                  Stop TCPA, stupid software patents and corrupt politicians!

                  Comment


                  • #19
                    A trustable TPM would make software keylogger attacks too time intensive to use

                    Originally posted by WorBlux View Post
                    Even assuming a 100% correct and sincere implementation of the TPM, specialized attacks could still get probes into its inner workings and pull out keys, so you ain't going to win if the U.S. of A is out to get you with all they've got. A TPM isn't made to resist physical tampering, but rather just to detect it.

                    It likely is possible to create open firmware to run on certain TPM modules as well, or you can use physical tampering (monitoring) to make sure operations only modify the keys that they are supposed to. You probably could have an NSA key in there floating along in parallel with the device's unique root keys, or the randomness of the root keys could purposely be crippled.

                    ATA security is at best an inconvenience. https://capec.mitre.org/data/definitions/402.html
                    They might have used the default master password as well,
                    Solder in a new controller chip

                    ATA security isn't a cryptographic protection, which is why it fails so easily. Anyways, once an attacker is close enough to fiddle with your TPM on the fly, you're hosed in 10 other ways anyways (evil FireWire attack, nannycam, keylogger...)

                    With physical presence the spec says you should be able to clear the TPM, but never should it be possible to dump it (protected by both software and hardware features of the TPM).
                    OK, suppose the TPM is used the way I envisioned using a trustable one: to contain only the bootloader/BIOS/kernel/initramfs hashes, not the disk keys. The result would be that a "first access" raid followed by a complex procedure against the TPM only gets the private keys that signed those items, but that key is no longer useful unless you are dumb enough to accept the computer back from the police and boot it after they may have signed a new BIOS or initramfs with your stolen key. This would not be an attack they could mount against your computer while a hooker they hired delays you for 15 knowable minutes, or while you are at a protest known to be an hour away. On the other hand, I assume TPMs made by US-allied corporations contain backdoor code to cough up their keys for at least the NSA, maybe the Secret Service as well, on a single command, simply because I have no way to prove the contrary and it is technically possible to do this. Remember that ATA security set passphrase that turned out to have a quick and easy law enforcement bypass?

                    Anyway, we also know the MSS in China favors add-on hardware keyloggers from cases like one where a businessman blew off the hooker and raced to his hotel room to find a bunch of MSS goons had his laptop apart so they could install the hardware keylogger. Probably the FBI and SS also prefer them, as they require no advance knowledge of the OS or of the motherboard. An "evil maid" script written for TrueCrypt is useless against cryptsetup and vice versa, and BIOS replacements require knowing the exact motherboard to be targeted. Hardware keyloggers are drop-in compatible; the defenses are to watch desktop wiring for additions and to epoxy down laptop keyboards.

                    Comment
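The two technical claims in this exchange, WorBlux's in #16 (a TPM cannot stop the CPU, it only records and attests what was booted) and Luke's in #19 (a TPM used to hold only the firmware/bootloader/kernel/initramfs measurements), are easiest to see in a small model of measured boot. The following is an added example written for this page, not code from the thread or from any TPM vendor or Linux driver: it simulates a PCR extend chain, seals a secret to an expected PCR value, and produces an attestation "quote". All component images, the seed, and the `ToyTPM` class are constructed for the demo; a real TPM signs quotes with an asymmetric attestation key rather than the HMAC used here, and the sample images stand in for real boot artifacts.

```python
import hashlib
import hmac

# Constructed stand-ins for the boot chain measured into one PCR.
GOOD_CHAIN = [
    ("firmware", b"toy firmware image v1"),
    ("bootloader", b"toy bootloader image v1"),
    ("kernel", b"toy kernel image v1"),
    ("initramfs", b"toy initramfs image v1"),
]
# Same chain, but the initramfs has been altered (an "evil maid" style change).
TAMPERED_CHAIN = GOOD_CHAIN[:3] + [("initramfs", b"toy initramfs image v1 + extra hook")]

PCR_INIT = b"\x00" * 32  # PCRs start at all zeros after reset


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || H(data)). It is one-way and order sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_boot_chain(components):
    """Extend each component into the PCR in boot order; return the final PCR and an event log."""
    pcr = PCR_INIT
    event_log = []
    for name, image in components:
        event_log.append((name, hashlib.sha256(image).hexdigest()))
        pcr = pcr_extend(pcr, image)
    return pcr, event_log


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher keyed by HMAC(key, counter); stands in for the TPM's internal wrapping."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class ToyTPM:
    """Minimal model of the two TPM operations discussed in the thread: seal-to-PCR and quote."""

    def __init__(self, seed: bytes):
        # Hypothetical root key; a real TPM derives it from a per-chip seed that never leaves the chip.
        self._root = hashlib.sha256(b"toy-tpm-root|" + seed).digest()

    def _seal_key(self, pcr: bytes) -> bytes:
        return hmac.new(self._root, b"seal|" + pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, expected_pcr: bytes) -> bytes:
        """Wrap the secret so it can only be unwrapped while the PCR equals expected_pcr."""
        key = self._seal_key(expected_pcr)
        ct = _xor_stream(key, secret)
        tag = hmac.new(key, ct, hashlib.sha256).digest()
        return ct + tag

    def unseal(self, blob: bytes, current_pcr: bytes):
        """Return the secret if the current PCR matches the sealed one, else None (no secret released)."""
        key = self._seal_key(current_pcr)
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
            return None
        return _xor_stream(key, ct)

    def quote(self, pcr: bytes, nonce: bytes) -> bytes:
        """Attestation quote over (nonce, PCR); HMAC here stands in for an asymmetric signature."""
        return hmac.new(self._root, b"quote|" + nonce + pcr, hashlib.sha256).digest()

    def verify_quote(self, quote: bytes, pcr: bytes, nonce: bytes) -> bool:
        return hmac.compare_digest(quote, self.quote(pcr, nonce))


def demo():
    """Good boot releases the sealed secret; a tampered initramfs changes the PCR and does not."""
    tpm = ToyTPM(seed=b"constructed-demo-seed")
    good_pcr, _ = measure_boot_chain(GOOD_CHAIN)
    blob = tpm.seal(b"sealed-secret-placeholder", good_pcr)
    released = tpm.unseal(blob, good_pcr)
    bad_pcr, _ = measure_boot_chain(TAMPERED_CHAIN)
    denied = tpm.unseal(blob, bad_pcr)  # the CPU still booted the tampered image; only the secret is withheld
    return released, denied


if __name__ == "__main__":
    print(demo())
```

Note what the model does and does not do: the tampered chain still "boots" (nothing in the TPM stops it), but its PCR differs from the good one, so the sealed secret is not released and any quote over the new PCR will not match the value a verifier expects. Whether to seal a disk key to the PCR at all, or to keep only measurements in the TPM as Luke prefers, is a policy choice the model leaves to the reader.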


                    • #20
                      Originally posted by WorBlux View Post
                      As for the DRM potential, you can reliably identify the computer you're running on and attest to the software running on it, and that's about it. Many Intel processors already do the unique ID part of this, and the Windows protected pathway mostly does the second. If you don't like DRM baked into your OS, stop using Windows and Mac. Stop buying media encumbered by it.
                      This is so classic, it's historical.
                      You can't stop buying this, because it's the only thing that is produced. There is no choice, outside of buying and removing it manually. Hence supporting it and losing warranty (or being labeled criminal in the worst case).

                      Comment
