I know the gentleman opened with dismissing the things that TPM itself couldn't do as the myths of Linux Community (without saying as much), the bit he then got 'roud to somewhere around ~25:00 minutes in is where programmatically keys can be stored and removed from the TPM possibly by remote sources say from an API-gateway that's built into the OS or something just as a for instance of the theory. That my friends is where the Denial of Service Attacks come into play. When vendors, partners, Governments, etc. decide that those keys need revoking, they just do so, and whatever service or function that requires them stops working. We're a connected world, and too many things just do without consent, and even more ask and don't bother to properly explain the nature of that consent to the computer illiterate. So the net effect is they give full access to who or whatever to their systems without a second thought with a simple click and go about their day. No one, not many truly read the EULA and understand it. And even if they did, you can't negotiate, with the bits you say no to any way. So when people go to download a simple app and it includes a fun little extra, what's the harm, right? It's the TPM encrypting something vital permanently, built into the system, like in that story, like Windows11 demands as a requirement (not withstanding that it can be bypassed). Just because it says its security doesn't mean it is, just means it can be used for that, the TPM is a raw element, not the end product of security, and can be abused just as feared or imagined, as easily as demonstrated here. We expect only the eval boards to be so easily accessible, but who knows, and that the thing. Now, I'm not saying it can or will be so abused, but that those are the concerns, and talks like these are good in the grand scheme of things, but do sort of confirm the potential, after a fashion if the production units are similar to the eval units by any other producers. But again, I ain't one to gossip... .

4:02 I use a LetsTrust board with a SLB 9670 it does not have AES

This was Day 2, Stage 7 for refrence. I believe this was the first speaker on that day: kzbin.info/www/bejne/emWtkmloprSWaqc And this is the whole playlist: kzbin.info/aero/PLK3T2dt6T1fd65u8sx01jRrp9aVquXIpN

I'm not entirely sure what the point on having a TPM unit installed in a system that costs that much with a 3 permanent bricking function, or even a 24-hour lockout specialized or not. I mean It could have been made on an EEPOM or FPGA chip so it could be reprogrammed if it had to be "rigid" for the speed of hardware, but for the built in self-destruct feature, at the cost, that has got to be a tough sell, especially when stories like this start circulating. But I ain't one to gossip... .

Leaving most of the actual important stuff "for the reader" makes this basically a useless talk.