Where does the password come from? Why can’t it be intercepted and stored at startup, then reused to open the tunnel at shutdown, read and save the TPM, and quietly disappear?
The channel used to transmit the password to the TPM authenticator is the same secure channel used for communications. Direct interception isn’t possible. They could use a keylogger, but then there are larger security problems if someone has a keylogger on their system.
Also, the TPM is enabled and active during the entirety of the session. Accessing the TPM while the system is offline is not possible. Accessing the TPM while the system is asleep is technically possible, but the channels to get to the TPM on an S3 motherboard are not usually open.
TPM stands for Trusted Platform Module for a reason. It’s intended to act as a non-repudiation and platform authenticity modality. If two-factor authentication is used in your environment (i.e., cert and password), this is just another form of authentication of a platform on a network or system.