I think you went from philosophical to tinfoil hat pretty quickly there. The user experience should be "It just works, gets out of my way and keeps me safe". As always, you can choose to use those features or disable them.

We already rely on our governments (local, state, federal) to provide high levels of all sorts of services (Safety regulations, justice, law enforcement, education, transportation etc etc). Government is not inherently evil. It pays to keep this in mind. If your country is on the brink of falling into fascism and the only thing holding it back is a passionate discussion about TPM modules then I think there might be some other things that are wrong and should be fixed first!

There are also a multitude of scientific studies that should that people do not always behave in their own best interest. A prime example being windows UAC.

So, while a closed Secure Enclave is a good thing, an open one is better. It simply allows more people to verify and to assert their trust over the given architecture.

Choosing what to trust is your imperative and I agree we should be free to use these modules or not.

As for communism - it suffers from the same problems as capitalism and anarchy - those who are in power will abuse it if they are allowed to.

Does anyone know if there are any other hardware providers? You could then choose to trust someone other than Intel.

I 100% agree with you. It can however increase the difficulty of an attack against the computer (if it is used).

The RISC-V secure enclave stuff recently reported on should be a nice extra.

There are those of us that want freedom and believe people are smart enough do decide what is best for them and there are those that believe others mainly government and institutions always know better than the people. THat being said trusting corporations to decide what is threat and what is not is always road to fascism (or as Mussolini named it corporationism) and sooner or later people end up with no choice.

Ideas are always great. Communism in its core also has great ideas.
So as long as I will have interface which would allow me to set what I believe is trustworthy and only defaults are set by corpo than it should be fine for everybody. Otherwise we should never allow it.

The problem is that the TPM hardware chip contains closed-source firmware, and is essentially a mini-computer. We don't know what it can access and what it's doing. All we know is that we can securely store and retrieve keys - but no way of knowing if it's actually secure, and whether or not there are backdoors.

I though you were against FUD? this is all that video is selling. and as for the "only the user really knows what to trust" argument that is being put forward in that video - trusting a user to do the right thing all the time is a very dangerous road.

As for this trust system (and any other) it seems that it increases the difficulty for an attacker - which is the goal.

Most cheaper laptops/motherboards/desktop come without TPM, and you'll just have to enter an extra password at startup to secure the HD through luks or bitlocker.

It's important to not confuse TPM which is a separate chip with Intel ME/AMD PSP. TPMs are a convenience, and optional. They are necessary if you don't want to enter a password at startup but still boot from an encrypted drive, like for a server. You're trusting a TPM module about as much as you would trust a Yubi key.

There is a difference between "trusted" and "trustworthy". In this context, "trusted" really just means "high-risk", and implies that a certain standard of rigor goes into ensuring that it's worthy of somebody's trust.

I think the idea is that the TPM stores they keys for full-disk encryption, and hands them to the CPU only if trusted software is running.

Examples:

"Used for full disk encryption" only by people who earnestly believe that their few-cents-TPM chip could encrypt/decrypt data at the I/O rate of modern NVMe storage. Less misguided people know that the CPU will need to know the symmetric encryption key basically all the time while the system is running, so it isn't any safer when it is also stored in the TPM.
Ah, and then of course there are those who leave it to the manufacturer of their storage device to implement encryption, which, while technically of course possible, is a gamble on abilities and diligence of storage manufacturers one should seriously not get into.