1) The TPM still can't control your computer (yet). It can only measure its state, allow you access to keys you created in some state, and attest to things about the state (which would allow other parties to mandate what state your system is in when interacting with it, but presumably those entities would be bound by German law and likely be German themselves)
2) If Microsoft wanted to backdoor your system, they don't need the TPM to do it. In fact, the TPM can be used to protect against a whole bunch of malware that various intelligence agencies might use: it can protect keys with passwords (with rate limiting/self-destruct for guessing), make sure the system is in the same state (i.e. malware-free) when you created your PGP key as it is when you're using it to decrypt an e-mail, and it can isolate an application from the rest of your system.
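An added illustration of the two properties the comment above describes (keys released only in the measured state, and password guessing rate-limited); this is a constructed simulation written for this page, not code from the thread or a real TPM API, and the boot component names, secret and password are made up:

```python
"""Toy model of TPM measured boot and PCR-sealed secrets (constructed example).
Reproduces only the logic: PCR extend chain, release gated on PCR policy plus
an authValue, and a dictionary-attack lockout. It talks to no hardware."""
import hashlib
import hmac

PCR_INIT = bytes(32)   # PCRs are all-zero after reset
MAX_AUTH_FAILS = 3     # toy dictionary-attack lockout threshold

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = SHA-256(PCR_old || SHA-256(measurement)). The chain can
    only be extended, never rewound, and the order of extends matters."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measured_boot(components: list[bytes]) -> bytes:
    """Fold each boot component (firmware, bootloader, kernel ...) into one PCR."""
    pcr = PCR_INIT
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def _keys(pcr: bytes, auth: bytes):
    """Derive a MAC key and a one-time pad from the boot state and password."""
    mac_key = hashlib.sha256(b"mac" + pcr + auth).digest()
    pad = hashlib.sha256(b"pad" + pcr + auth).digest()
    return mac_key, pad

def seal(secret: bytes, pcr: bytes, auth: bytes) -> dict:
    """Bind a secret to a PCR value and a password. Both feed the hiding key,
    so a different boot state or a wrong password yields nothing."""
    assert len(secret) <= 32, "toy pad covers 32 bytes"
    mac_key, pad = _keys(pcr, auth)
    ct = bytes(s ^ k for s, k in zip(secret, pad))
    return {"policy": pcr, "ct": ct,
            "tag": hmac.new(mac_key, ct, "sha256").digest(), "auth_fails": 0}

def unseal(blob: dict, pcr: bytes, auth: bytes):
    """Return the secret only in the sealed state with the right password."""
    if blob["policy"] != pcr:
        return None                       # policy mismatch: state has changed
    if blob["auth_fails"] >= MAX_AUTH_FAILS:
        return None                       # locked out, even for the right auth
    mac_key, pad = _keys(pcr, auth)
    tag = hmac.new(mac_key, blob["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        blob["auth_fails"] += 1           # wrong password counts toward lockout
        return None
    blob["auth_fails"] = 0                # correct auth resets the counter
    return bytes(c ^ k for c, k in zip(blob["ct"], pad))
```

A tampered kernel or a reordered boot sequence produces a different PCR, so the blob never opens there; a real TPM stores a policy digest rather than the raw PCR and enforces lockout with a hardware counter, but the observable behaviour is the same.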
- I can't enter BIOS before entering OS.
- Once I enter the BIOS from the OS I can't activate the hard disk password.
- I can't install the Windows 8 OS clean. MSFT has a deal with the computer producers that doesn't allow them to deliver the pure OS medium; you can only back up the already present installed files to some external HDD.
- Because of the previous and the fact that the binaries are controlled on the hardware level (TPM), I have no control of what's running on my computer -- I can't know, to be precise.
- It's even worse than that: there is some Intel built-in technology on the hardware/BIOS/driver level which also has built-in "features" that allow communication with some external "command and control center" which I don't control. It supposedly allows, among other "features", disabling the notebook once it's stolen. But I don't control how it's done, and I don't know if it has additional backdoors. It proudly claims to facilitate "remote access."
It's scary how it all looks together. I haven't even figured out how I'd be able to install Linux on the computer. In some forums people claim that the OEM should allow that, but apparently a lot of people haven't managed to actually install it on different specific computers -- there are BIOS problems that can't be avoided, and the OEMs don't give you support or the updates. Mine is an Intel i5 processor-based modern Acer. It's fast, but I have no control. Definitely not FUD.
Personally I like Apple's approach more: thanks to their approach to OS X or iOS (no third-party pre-installed crap), at least I have to just trust Apple. Here I have to trust Microsoft, Intel and every company that has drivers on my machine. Much more chance for some of them to do what they want, in the name of the "cloud." Remember routers that are controlled by the producer of the router, even "protecting" you from browsing all the sites? Remember Android phones which upload all your passwords to the cloud of the mobile operator? That's where the "cloud" support of the driver writers goes now. It is scary.
(Globally, we're talking about this: http://xkcd.com/743/ -- We've been giving up the control of "infrastructures" for a long time)
The discussions of kernel-level "giving up control" existed in Palladium and "technologies formerly known as Palladium" (http://en.wikipedia.org/wiki/Next-Generation_Secure_Computin...) even 10 years ago, but with Windows 8 they start to be ubiquitous and nobody even notices.
... they already have Windows Update. It cannot be null-routed (the respective entries in /etc/hosts are simply ignored), it is virtually always on, and it can be trivially used to deliver custom patches to specific boxes. What more can you ask for?
The new "you as the user can't control the kernel stuff, even with the debugger" concept is really about the user (you) giving up control. The excuse is that you as the user aren't supposed to be able to copy movies. In practice, you have no more control of your own computer, whereas the companies have real-time control even of the content by directly controlling your computer. Some routers already did such stuff. It is really worrying -- having part of the "great firewall of China/whateverothercountry" on your own computer, which you paid for with your own money.
(1) And in fact also have total confidence in the compiler itself: