[belltaco]

TPM 2.0 and Secure Boot are two different things. Secure Boot has been enforced by default for the better part of a decade now with the major consumer Linux distros supporting it, and can be disabled in the BIOS setup.

SecureBoot prevents a very dangerous set of persistent rootkits that are completely invisible to the OS, not sure why tech savvy folks are against it for the vast majority of computer users, even Linux ones. Many UEFI setups allow you to add your own keys to the EFI and self-sign.

>Linux always boots perfectly fine with TPM hardware support disabled, even when there actually is such a chip built in

That would mean Linux is less secure in that scenario since the TPM is used to secure store things like hard drive encryption keys.