I still wonder if TPM can be used to protect the user from the businesses that serve them instead of protecting businesses from the user.
For example, I have been considering selling Dreamplugs -- http://www.globalscaletechnologies.com/c-5-dreamplugs.aspx -- with software such as Tahoe-LAFS -- http://tahoe-lafs.org -- pre-installed. However, I really do not want to be in the position where I could see or alter my users's data without their knowledge or consent. With the current state of the art, if I buy a bunch of Dreamplugs from Global Scale, install Tahoe-LAFS on them, and then sell them to my users, then I am in that position where I don't want to be. (Because I can install a backdoor on their Dreamplug which allows me to spy on them.)
But suppose my users could use the TPM (actually ARM "TrustZone") built into the CPU to verify that the linux kernel they are booting is a linux kernel that was actually signed off by Linus (or Rusty Russell, or GregKH, or Linaro or Debian). Then, while my users would still be vulnerable to that person (Linus or whoever) spying on them, and they would still be vulnerable to the manufacturer of the CPU (Marvell) spying on them, they would cease being vulnerable to me spying on them. That would be a wonderful improvement in my book.