The problem is that the TPM requires a password to access it. If the password isn’t entered, the TPM disallows access. And as a matter of fact, the default setting for most TPMs for excessive wrong passwords is to completely lock down the TPM until it’s administratively cleared from the BIOS.
The only way to snoop the TPM is to interrupt the tunnel after it’s been opened by the user, but just like with VPN, any interruption to the tunnel means the tunnel collapses.
Where does the password come from? Why can’t it be intercepted and stored at start up, then reused to open the tunnel at shutdown, read and save the TPM, and quietly disappear?
[ the default setting for most TPMs for excessive wrong passwords is to completely lock down the TPM until it's administratively cleared from the BIOS.]
And in some cases...
“If the manufacturer of your computer has already placed a certificate in the TPM, and that certificate has expired, then when Windows 8 activates the TPM, your computer’s motherboard will brick itself.”
http://www.kubuntuforums.net/showthread.php?58236-Windows-8-and-TPM-a-frustrating-tale-of-astonishing-stupidity
Oops.