It is not quite that simple.. The TPM systems I've seen implemented all come with the fundamental assumption that the BIOS is trusted, and from there they build a chain of trust down toward the OS. The basic idea is that the BIOS hashes itself, tells the TPM and then permanently locks that portion of the TPM, then it hashes the OS, tells the TPM and locks that portion. Then the OS runs and more stuff is hashed and locked. Once locked you cannot go back.
If you replace the BIOS then you can start the TPM up without locking out any localities and feed it bogus hashes till the cows come home and it will be quite happy to attest that the system is legitimate.
Presumably systems implementing a TPM like this also include a hardware lock to prevent the BIOS flash from being written after the BIOS boots, but there is nothing preventing you from replacing the flash chip entirely. Socketed SPI flash is still pretty common these days for BIOS's :)
So it can be a pretty effective guard against a network compromise but not physical.