Hacker News

CrossVR, yesterday at 9:06 PM (5 replies)

I don't think selling more hardware is the primary motivation. The motivation is ensuring everyone has TPM 2.0 enabled on their device.

This allows Microsoft to protect parts of their software even from the user that owns the hardware it's running on. With TPM enabled you finally give up the last bit of control you had over the software running on your hardware.


Replies

tapoxi, yesterday at 9:38 PM

Unbreakable DRM for software, such as for your $80 billion game business or your subscription office suite.

As a bonus, it prevents those pesky Windows API compatibility tools like Wine from working if the application is designed to expect signed and trusted Windows.

fluidcruft, yesterday at 9:26 PM

Maybe instead Microsoft could allow Windows 11 to install and run on machines that are otherwise capable and just flash red screens at you all the time where otherwise ads would show up that constantly nag that "THIS COMPUTER IS FUCKING INSECURE!" or something. It would be equally as annoying but I'm sure running latest Windows 11 but with TPM 1.0 instead of TPM 2.0 will be more secure than running Windows 10 without bug fixes and security patches.

(But my understanding is there were other things like bumping minimum supported instruction sets that happened to mismatch a few CPUs that support the newer instruction sets but were shipped with chipsets using the older TPM)

sixtyj, yesterday at 9:09 PM

And clever people found out the way - https://www.tomshardware.com/how-to/bypass-windows-11-tpm-re...

will4274, yesterday at 9:33 PM

Hardware key storage is a low level security primitive. Both Android and iOS have mandated it for far longer. It's a low level security primitive that enables a lot of scenarios, not just DRM.

For example - it's not possible to protect SSH keys from malware that achieves root without hardware storage. Only hardware storage can offer the "Unplug It" guarantee - that unplugging a compromised machine ends the compromise.

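The "Unplug It" guarantee in will4274's comment, shown as an added simulation (not code from the thread or from any vendor): a private key kept as a file can be copied by anything running as root and used after the machine is unplugged, while a key generated inside a device that only offers a sign() interface cannot be copied, so removing the device ends the compromise. Lamport one-time signatures stand in for Ed25519/ECDSA so the script needs nothing beyond hashlib; the key-handling logic, not the signature scheme, is the point. The two key classes, the constructed challenge string and the scenario functions are all assumptions made for this example.

```python
# Added illustration (not from the thread): why a device-held key gives the
# "unplug it" property that a key file on disk cannot. Lamport one-time
# signatures are used because they need only hashlib, so this runs offline;
# real SSH keys are Ed25519/ECDSA, but the key-handling story is the same.
import hashlib
import secrets
from typing import List, Tuple

Pair = Tuple[bytes, bytes]


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bit(digest: bytes, i: int) -> int:
    """Bit i (0 = most significant) of a 32-byte digest."""
    return (digest[i >> 3] >> (7 - (i & 7))) & 1


def lamport_keygen() -> Tuple[List[Pair], List[Pair]]:
    """Private key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk: List[Pair], message: bytes) -> List[bytes]:
    """Reveal one preimage per bit of H(message). One-time: never reuse sk."""
    d = _h(message)
    return [sk[i][_bit(d, i)] for i in range(256)]


def lamport_verify(pk: List[Pair], message: bytes, sig: List[bytes]) -> bool:
    d = _h(message)
    return len(sig) == 256 and all(_h(sig[i]) == pk[i][_bit(d, i)] for i in range(256))


class FileBackedKey:
    """Models an ~/.ssh/id_* file with no token behind it: the private half is
    plain bytes on disk, readable by anything running as root (assumed model)."""

    def __init__(self) -> None:
        self._sk, self.public_key = lamport_keygen()

    def read_file_as_root(self) -> List[Pair]:
        # Simulates malware copying the key file; the copy works forever.
        return self._sk

    def sign(self, message: bytes) -> List[bytes]:
        return lamport_sign(self._sk, message)


class HardwareBackedKey:
    """Models a key generated inside a TPM or FIDO token: the device exposes
    sign() and the public half, nothing else. A Python object cannot truly
    enforce this; the class only models the interface a real device offers."""

    def __init__(self) -> None:
        sk, self.public_key = lamport_keygen()
        self._attached = True
        # The closure keeps sk out of the instance dict; no method returns it.
        self._sign_inside_device = lambda m: lamport_sign(sk, m)

    def unplug(self) -> None:
        self._attached = False

    def sign(self, message: bytes) -> List[bytes]:
        if not self._attached:
            raise RuntimeError("device not present")
        return self._sign_inside_device(message)


CHALLENGE = b"ssh-auth: constructed server challenge"  # constructed sample input


def malware_wins_with_file_key() -> bool:
    """Root malware copies the key file; the owner then unplugs the machine.
    Returns True if the attacker can still produce a valid signature afterwards."""
    victim = FileBackedKey()
    stolen = victim.read_file_as_root()  # the compromise
    # ... machine unplugged, malware gone, but the copied bytes live on ...
    forged = lamport_sign(stolen, CHALLENGE)
    return lamport_verify(victim.public_key, CHALLENGE, forged)


def malware_wins_with_hardware_key() -> bool:
    """Same story with a device-held key. While attached, root malware can use
    the key (which is why touch/PIN policies matter too) but cannot copy it, so
    unplugging ends the compromise. Returns True if signing still works after."""
    device = HardwareBackedKey()
    device.unplug()
    try:
        device.sign(CHALLENGE)
        return True
    except RuntimeError:
        return False


if __name__ == "__main__":
    print("file key still usable after unplug:", malware_wins_with_file_key())
    print("hardware key still usable after unplug:", malware_wins_with_hardware_key())
```

The attached-device window is the caveat the comment leaves implicit: hardware storage stops key theft, not key use during the compromise, which is why real tokens add user-presence or PIN checks on top of non-exportability.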
9dev, yesterday at 10:31 PM

> With TPM enabled you finally give up the last bit of control you had over the software running on your hardware.

The overwhelming majority of users never had any kind of control over the software running on their hardware, because they don’t know (and don’t want to know) how the magical thinking machine works. These people will benefit from a secure subsystem that the OS can entrust with private key material. I absolutely see your point, but this will improve the overall security of most people.
