nostr:npub12jkyefx8vfp0mnmqkszjkzm6m8932t8nrjmejucg5auqvzjvu4rqqeuvhg nothing. Its not a binary thing of secure vs. not secure. Its a question of reducing the amount of hw/sw you have to put your trust on, and isolating key mgmt from the huge attack surface that the OS is.

There appears to be a trend btw to bring the tpm into the cpu btw, either in separate circuitry on the same chip or even in secure enclaves of the regular cpu. Which means the logic providing the (v)tpm support can then be properly reviewed/be open source.