There was some interesting research presented at Blackhat that pointed out the problems of using the TPM as a root of trust in your platform: https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf
The essence of the research is that the TPM is not adequate as a root of trust in the platform because the code that drives the TPM/does the system measurements resides on a mutable EEPROM (the bios flash chip). Therefore any attacker that can gain access to the bios flash chip via an exploit (the researchers presented one) or via an unlocked flash chip (see Yuriy Bulygin's related work) can forge the TPM measurements that serve as the root of trust in your system. This is important because software like Bitlocker uses these TPM measurement values to determine whether or not to decrypt your harddrive...
Slashdot Mirror
There was some interesting research presented at Blackhat that pointed out the problems of using the TPM as a root of trust in your platform: https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf The essence of the research is that the TPM is not adequate as a root of trust in the platform because the code that drives the TPM/does the system measurements resides on a mutable EEPROM (the bios flash chip). Therefore any attacker that can gain access to the bios flash chip via an exploit (the researchers presented one) or via an unlocked flash chip (see Yuriy Bulygin's related work) can forge the TPM measurements that serve as the root of trust in your system. This is important because software like Bitlocker uses these TPM measurement values to determine whether or not to decrypt your harddrive...