The TPM as a device is completely democratized and accessible by the normal user.
You can use it for platform attestation (which is this post is trying to point out might be broken in some cases), but it also works as a "discount" smartcard where you can seal data and shield keys.
Two examples here which I have written:
A file encryption utility for `age` that shields the keys in the TPM.
https://github.com/Foxboron/age-plugin-tpm
`ssh-tpm-agent` is an `ssh-agent` implementation that enables you to create TPM shielded keys and does signing operation on the TPM.
https://github.com/Foxboron/ssh-tpm-agent
Conceptually both of these tools can also use PCR policy sealing as a form of platform attestation, but I have not implemented that yet as it's a bit hard to do this in a user friendly way UX wise.
As noted by others, you can also do disk encryption. `systemd-cryptsetup` does this on Linux.
https://www.freedesktop.org/software/systemd/man/latest/syst...
> Afaik, if you want access to a chip like TPM, the OS will need to cooperate as such I/O access or MMIO or however it's accessed, will be privileged instructions likely.
Not really? `/dev/tpmrm0` is a TPM resource manager for Linux that is accessible by being part of the `tss` group.
> I'd find it somewhat logical an OS or loader component starts verification, and then components upwards in the chain are well, chained together via verification, taking away the need to access the TPM after the initial modules are verified.
This is only one of several use-cases of a TPM :)
This is also orthogonal of whether or not Secure Boot is part of the chain, depending on the operating system.
