> exactly which security guarantees does the TPM make and to whom does it make them?
I suspect you already know. What the TPM provides is little more than what you get from the trademark and model number off an iPhone. The model number tells you precisely what the hardware is. The trademark proves that it's an Apple phone and model, not someone else's. As for "who does it tell" - the answer is anybody who cares to look.
The analogy breaks down because TPM does a much better job of it than a trademark and model number. There are fake iPhones out there that fool people. Your bank relies on a TPM's claim that your PIN or whatever is stored in the Apple iPhone's secure enclave; it's an ironclad guarantee. Even more remarkably, this assurance can be given remotely without the bank ever being near the phone.
As for "does your ad network really need to know how to disable DRM protections?" you are generally in control of whether the bank or ad network gets to access the TPM. Generally it's just a case of "if you don't like the idea, don't install the banking app".
As for "stop it before it gets to the children", this child likes the convenience he gets from giving banks, password managers and whatever the security of knowing they are running on hardware they trust not to leak my creds to random hackers. Sure, it can be used for other things, but shrug - if you don't like that, don't install the app.
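The remote-assurance point in the comment above (a verifier that was never near the device can still check which hardware and boot state signed a claim) can be made concrete with a small model of a TPM quote. This is an added example written for this thread, not code from the commenter or from any TPM vendor; it stands in for the real protocol in two labelled ways: a symmetric HMAC key stands in for the TPM's manufacturer-certified asymmetric attestation key (so it runs on the Python standard library alone), and the device IDs, keys and PCR values are constructed sample data. What it shows is the verifier's side: a quote is accepted only if it was produced with a key the verifier already trusts, is bound to the fresh nonce the verifier sent, and reports the expected boot measurements; a device that merely claims to be genuine, a replayed old quote, and a genuine device booted into a different state are all rejected.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data (not real TPM keys or measurements).
GENUINE_DEVICE_ID = "device-genuine-0001"
GENUINE_KEY = bytes.fromhex("11" * 32)          # provisioned by the "manufacturer"
SPOOF_DEVICE_ID = "device-genuine-0001"         # spoofer claims the same identity
SPOOF_KEY = bytes.fromhex("22" * 32)            # ...but only has its own key

# Golden PCR values the verifier expects for an approved firmware/OS build.
GOLDEN_PCRS = {0: "aa" * 32, 7: "bb" * 32}
TAMPERED_PCRS = {0: "aa" * 32, 7: "cc" * 32}    # PCR 7 differs: different boot state

# Verifier's trust store: device identity -> trusted attestation key.
TRUSTED_KEYS = {GENUINE_DEVICE_ID: GENUINE_KEY}


def pcr_digest(pcrs):
    """Hash the PCR bank in index order, as a quote would summarize it."""
    h = hashlib.sha256()
    for index in sorted(pcrs):
        h.update(index.to_bytes(1, "big"))
        h.update(bytes.fromhex(pcrs[index]))
    return h.hexdigest()


def _quote_message(device_id, nonce, digest):
    # Canonical encoding so signer and verifier hash exactly the same bytes.
    return json.dumps(
        {"device_id": device_id, "nonce": nonce, "pcr_digest": digest},
        sort_keys=True,
    ).encode()


def simulate_tpm_quote(device_id, attestation_key, pcrs, nonce):
    """Device side: bind the current PCR digest and the verifier's nonce under the key."""
    digest = pcr_digest(pcrs)
    sig = hmac.new(attestation_key, _quote_message(device_id, nonce, digest), hashlib.sha256).hexdigest()
    return {"device_id": device_id, "nonce": nonce, "pcr_digest": digest, "signature": sig}


def verify_quote(quote, expected_nonce, golden_digest, trusted_keys):
    """Verifier side: returns (accepted, reason). Checks key, freshness, then boot state."""
    key = trusted_keys.get(quote["device_id"])
    if key is None:
        return False, "unknown device"
    expected_sig = hmac.new(
        key, _quote_message(quote["device_id"], quote["nonce"], quote["pcr_digest"]), hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(expected_sig, quote["signature"]):
        return False, "bad signature"            # claimed identity, wrong key
    if quote["nonce"] != expected_nonce:
        return False, "stale nonce"              # replay of an older quote
    if quote["pcr_digest"] != golden_digest:
        return False, "unexpected boot state"    # genuine hardware, unapproved software
    return True, "ok"


def run_demo():
    """Exercise the four cases a remote verifier has to distinguish."""
    golden = pcr_digest(GOLDEN_PCRS)
    nonce = secrets.token_hex(16)

    genuine = simulate_tpm_quote(GENUINE_DEVICE_ID, GENUINE_KEY, GOLDEN_PCRS, nonce)
    spoof = simulate_tpm_quote(SPOOF_DEVICE_ID, SPOOF_KEY, GOLDEN_PCRS, nonce)
    old_quote = simulate_tpm_quote(GENUINE_DEVICE_ID, GENUINE_KEY, GOLDEN_PCRS, "old-nonce")
    tampered = simulate_tpm_quote(GENUINE_DEVICE_ID, GENUINE_KEY, TAMPERED_PCRS, nonce)

    return {
        "genuine": verify_quote(genuine, nonce, golden, TRUSTED_KEYS),
        "spoofed_key": verify_quote(spoof, nonce, golden, TRUSTED_KEYS),
        "replayed": verify_quote(old_quote, nonce, golden, TRUSTED_KEYS),
        "tampered_boot": verify_quote(tampered, nonce, golden, TRUSTED_KEYS),
    }


if __name__ == "__main__":
    for case, (accepted, reason) in run_demo().items():
        print(f"{case:14s} accepted={accepted} ({reason})")
```

The order of checks matters for what a verifier learns: signature first, so nothing reported by an untrusted key is ever interpreted; nonce second, so a captured quote from a previous session is useless; measurements last, so a genuine device that has been rebooted into something unapproved is still told apart from a forgery.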
I think this would all be possible without a TPM and those instances where my bank needs to verify my device is complete security theatre that negatively affects me and my systems.
My password manager feels quite happy without it; some futile regulation might require my stupid bank to check for TPM, but I'll do anything to not let it get near a PC.
With some TPM spoofing none of the features can work and the average security researcher can probably quickly confirm this.
TPM might be the wrong medicine if some bots down there even praise it as something advantageous.