If you replace the mobo, you'll be installing one that either lacks TPM entirely or lacks the correct private keys in the TPM; then it can't send in proofs that it's running the right code (even if it weren't running the wrong code). Consider the model where there are cash registers out in the main part of the store and a server in the back in some more secure location. An attacker may be able to break in and mess with the registers in the middle of the night. But in the morning, the server will keep insisting to the manager that the cash registers aren't right. The goal here is to make subverting a machine that people may get physical access to as difficult as subverting a better-secured machine or subverting a sealed chip package.