Honestly, the user is the biggest security risk in the first place. People run all kinds of malware and put their passwords into phishing sites all the time. One thing a TPM is used for is secure boot, which prevents malware from inserting its own bootloader to take over the OS.
This one big question around the T in TPM, has anyone found a satisfying answer yet?
T is for “trusted”. So far it was easy.
But who is supposed to trust whom?
The only case I found plausible so far is, that M$ can now decide whether or not they want to trust your PC (against you, the user).
Honestly, the user is the biggest security risk in the first place. People run all kinds of malware and put their passwords into phishing sites all the time. One thing a TPM is used for is secure boot, which prevents malware from inserting its own bootloader to take over the OS.