Re: What's the real function?
Even now, Linux distros tend to require a signing key from Microsoft to boot on EFI.
Secure boot and "trusted computing" were always (IMO) for the purpose of locking down the hardware against "unauthorised modification" by its tenant "owner", and that included making it difficult to install an operating system other than Microsoft Windows (or Apple OSX in the case of Apple hardware, which IIRC was first to adopt TPMs).
And for those users who have modified their PCs, Microsoft and chums would like to lock them out of DRM'd software and digital content, including games (where it will be under the guise of anti-cheat measures).
I fully expect Microsoft's recent purchase of Activision/Blizzard to introduce mandatory TPM checks. You can certainly forget about future compatibility with Wine/Proton.