I’m a bit of a tyro here, so please forgive any genuinely stupid things I say, but...
Would it be possible to write a subroutine that connects to the channel/tunnel during startup or shutdown, reads the TPM to a hidden file, then disconnects from the tunnel and frees it up for ordinary unimpeded use?
The user then uses the system as per normal.
The TPM mirror in the hidden file can later be accessed at the snooper’s leisure.
The problem is that the TPM requires a password to access it. If the password isn’t entered, the TPM disallows access. And as a matter of fact, the default setting on most TPMs for too many wrong passwords is to completely lock down the TPM until it’s administratively cleared from the BIOS.
The only way to snoop the TPM is to interrupt the tunnel after it’s been opened by the user, but just like with VPN, any interruption to the tunnel means the tunnel collapses.
It would be cool if we could route any NSA spyware to an empty HDD partition running some weird random little script to make it think there is activity.