TPM: It's not for 'securing' the OS, it's for securing the OS to the hardware platform.
It's clearly what the utterly pointless TPM 2.0 chip requirement is for in Windows 11.
TPM is not for 'securing' the OS/Microsoft's code base (it never will, it's bug ridden spagetti-legacy code beyond repair), it's for exactly that, securing the OS to the hardware platforms from Dell/HP/Lenovo etc, going forward to create a rotating conveyor belt of obsolescence. The writing is on the wall. In other words, "Vendor lock-in (Microsoft/OEMs), sold as a security requirement".
Adding the TPM 2.0 requirement in Windows 11 is a massive 'power grab' / shift in the ownership of computers, taking away the right of consumers/SMBs to install the software they want to and continue using it past its sell by date, giving the final decision aka. "Say so" to Microsoft/Dell/HP/Lenovo etc.
I'd go as far to say, it's jointly been stipulated by Government / GCHQ, by shadowy figures that think (or were told) signed legacy MS code using TPM 2.0, will reduce the number of malware/ransomware attacks/software piracy, by some flashy MS marketing exec.
A big fat "It won't".