One real use of a TPM is whole disk encryption on laptops.
Used to be, if you encrypted the whole disk, then you had to type a password on boot, and that password would decrypt the disk.
If you just put that password somewhere, then a hacker would read it from wherever you left it.
With TPM, you can store the password in the TPM chip, and do "Secure Boot". The TPM chip monitors every step of the boot process, to ensure you're booting your normal BIOS and normal OS. If so, it decrypts the disk for you. If not, then it refuses to give up the key.
This means that an attacker can't get the key to decrypt the disk easily. I mean, everything is possible if you have enough time and money, or if you have an exploit, or if the OS or software has been configured insecurely. Your security only has to be good enough to defeat a realistic attacker.
This is clearly not as good as typing in the long memorised password on every boot. But normal people didn't do that. And it's a lot better than an unencrypted disk or a post-it note with the password stuck to the laptop.