This is complete speculation, but it could be like TLS.
That would make it much harder as you'd have to MITM the communication, not just sniff it. Maybe impossible to decrypt if both the TPM and the chip it's communicating with use keys signed by the manufacturer.
I don't think it checks what the CPU is doing at all. It just makes software able to check if the platform is signed by the manufacturer.
The way I understand it is that the keys are burned into the TPM at time of manufacture, and there is no way to extract those keys, software can only ask the TPM to encrypt/decrypt/sign/verify certain data using the keys.
The TPM can then be used to verify certain operations, eg to retrieve the key for an encrypted hard drive.
But it's all a trojan horse because the manufacturer is the one who controls the keys, not the user.
It's "trusted" in the sense that the platform is "trusted" by the manufacturer, not the user.
That would make it much harder as you'd have to MITM the communication, not just sniff it. Maybe impossible to decrypt if both the TPM and the chip it's communicating with use keys signed by the manufacturer.