I'd like to know more about why you say it's ineffective as a security measure?
I'm thinking (only thinking, no real plans) about deploying it in a large academic environment, where we're able to take kernel updates all the time and in fact have auto-updates, and the local machines are also stateless so we can reinstall them at any time. Trusted boot would let us know whether or not the system was booted normally or e.g. from a CD or in single-user mode, and whether the disk had been tampered with since last time it was trusted-booted. We're fine assuming that we take updates often enough to avoid rootkits (and in fact we have no network login on these machines), and that in case we suspect something we just want to trigger a remote reinstall.
Will trusted boot and remote attestation not work here?
Note that we have no desire to prevent people from rebooting terminals into a live CD. We just want them not to mess with the hard disk when doing so, and we want to know if they _left_ it booted into a live CD.
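To make the scenario concrete, this added example (not part of the comment above, and not code from any TPM software stack) shows the verifier-side check that remote attestation relies on: replay the measured-boot event log with the TPM extend rule and compare it with a golden boot. The component names and contents are constructed, the helper names are hypothetical, and the quoted PCR value is assumed to come from a TPM quote whose signature and nonce were already checked.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 PCR; a real TPM has several PCRs per bank


def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend rule: new PCR = H(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(event_log):
    """Recompute the PCR from an ordered list of (name, digest) events."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeroes after reset
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def appraise(event_log, quoted_pcr, golden_log):
    """Return (verdict, names of components that differ from the golden boot)."""
    if replay(event_log) != quoted_pcr:
        return "log-mismatch", []  # the log is not what the TPM actually measured
    if quoted_pcr == replay(golden_log):
        return "trusted", []
    golden, seen = dict(golden_log), dict(event_log)
    bad = sorted(n for n in golden.keys() | seen.keys() if golden.get(n) != seen.get(n))
    return "untrusted", bad


# Constructed sample measurements (assumption: not real boot components).
GOLDEN = [(n, measure(b)) for n, b in [
    ("bootloader", b"site bootloader image"),
    ("kernel", b"site kernel build"),
    ("initrd", b"site initrd build"),
    ("cmdline", b"root=/dev/sda1 ro quiet"),
]]


def boot(overrides):
    """Simulate the log and PCR a terminal reports when some components differ."""
    log = [(n, measure(overrides[n])) if n in overrides else (n, d) for n, d in GOLDEN]
    return log, replay(log)


if __name__ == "__main__":
    for label, changed in [("normal", {}), ("single-user", {"cmdline": b"root=/dev/sda1 ro single"})]:
        log, pcr = boot(changed)
        print(label, appraise(log, pcr, GOLDEN))
```

A terminal left booted into a live CD reports different digests for every component, and a log edited to look like the golden boot no longer replays to the quoted PCR value.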