Hacker News
by MichaelGG 4581 days ago
The scenario you outlined is exactly the point of a TPM. In the case of an "MPAA movie server", exactly how would they verify the remote attestation? As I understand it, they'd need to have some way of verifying your key. You would have had to opt in to such a feature, right? The simple act of having a TPM doesn't give arbitrary third parties the capability to verify remote attestation. Unless I'm missing something critical.

On Secure Boot, you're right that a clone works. But if your device doesn't have an open Secure Boot system, like WinRT, then that device is DRM'd up as the OS can fully decide which programs to allow. An insecure clone means another device, but point taken.

1 comments

Yep, to be clear I was pointing out that a TPM with remote attestation can't avoid implementing DRM in the true sense of protecting specific content to the extent possible on the device.

I think the permanently gimped system stuff like a key-restricted secure boot is really something else. It is in some sense an acknowledgment of the impossibility of DRM actually preventing every single copier and gains more from leveraging its play time monopoly to lower the value of all non-DRM content which may or may not be pirated.

A system that denied all open content with a TPM would indeed be very broken in terms of design and would only start to make sense if the hardware was much more customized than a typical PC platform.