this post was submitted on 29 Oct 2025
      380 points (94.6% liked)
      Peertube
    you are viewing a single comment's thread
So basically, TPM is a secure bit of hardware on the mobo that allows it to do data encryption, software signing, integrity checks, etc. All that is fine, good even, and Linux fully supports TPM modules, because there's a lot of good you can do with it, especially the fact that it's a hardware-encrypted key store. Those 'secure enclaves' are HUGE for security.
The problem is how Windows controls it. Basically, TPM 2.0 can store a bunch of hash values of various parts of your system: BIOS, bootloader, kernel, etc. It can use this to ensure nothing has been tampered with. It can also enable 'secure boot', which is basically to ensure only signed, confirmed software is loaded as the bootloader. Finally, disk encryption can be run through TPM 2.0.
Again, none of these things are bad... if YOU control the TPM module. But on Windows, you don't; Windows or your OEM does. You don't get to boot your system without their permission. You don't get to unlock your hard drive without their permission. You don't get to change OSs without their permission. And finally, you don't even get to change hardware without their permission!
You can see how it's a problem when your OEM or Windows itself controls that kind of thing regarding your PC. For right now, these problems mainly seem to occur in enterprise or OEM PCs, not prebuilts or custom-builts... but Windows gets greedier by the day, and frankly so do OEMs.
The goal is to turn away from decades of computer innovation and lock down and control your computer worse than your phone is now. You can already see the effects: Windows has started calling installing your own software 'sideloading', for example, and making scary noises about how installing anything from outside the Windows store is inherently dangerous.
tl;dr: Companies hate the idea of you actually owning your PC, and TPM 2.0 is just another thing they're using for stripping that control away from you, bit by bit, in the name of 'security.'
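The measurement and disk-unlock mechanism the comment above describes, as an added toy model (this is not code from the post and does not talk to a real TPM). It simulates TPM2_PCR_Extend in software: each boot stage is hashed and folded into a PCR, a secret is sealed against the expected PCR value, and the "TPM" releases it only when the current measurements produce the same policy digest. The boot-stage byte strings, the volume key and the ToyTPM class are all constructed for the example; the policy-digest derivation is a simplification of what TPM2_PolicyPCR computes.

```python
"""Toy model of TPM 2.0 PCR measurement and PCR-bound sealing (added example, not a real TPM)."""
import hashlib
import os

PCR_SIZE = 32                # SHA-256 PCR bank
PCR_RESET = bytes(PCR_SIZE)  # PCRs read as all zeros after a platform reset


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """Model TPM2_PCR_Extend: PCR_new = SHA256(PCR_old || SHA256(component)).

    Firmware hashes each stage (bootloader, kernel, ...) and extends. A PCR can
    never be written directly, only extended, so the final value depends on
    every stage that ran and on the order they ran in.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(stages) -> bytes:
    """Replay a boot: extend one PCR with each stage in turn and return its value."""
    pcr = PCR_RESET
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr


def pcr_policy_digest(pcr_value: bytes) -> bytes:
    """Simplified stand-in for the digest a PCR policy produces.

    A real TPM folds TPM_CC_PolicyPCR, the PCR selection and the PCR composite
    into a running policy hash; here a single PCR value is bound.
    """
    return hashlib.sha256(b"PolicyPCR" + pcr_value).digest()


class ToyTPM:
    """Holds a per-chip storage secret and enforces the policy check on unseal."""

    def __init__(self) -> None:
        self._storage_secret = os.urandom(32)  # never leaves the chip

    def _wrap_key(self, policy: bytes) -> bytes:
        return hashlib.sha256(self._storage_secret + policy).digest()

    def seal(self, secret: bytes, expected_pcr: bytes) -> dict:
        """Record the policy digest (like an object's authPolicy) and wrap the secret."""
        if len(secret) != 32:
            raise ValueError("toy model seals exactly 32 bytes")
        policy = pcr_policy_digest(expected_pcr)
        key = self._wrap_key(policy)
        return {"policy": policy, "blob": bytes(a ^ b for a, b in zip(secret, key))}

    def unseal(self, sealed: dict, current_pcr: bytes):
        """Release the secret only if the policy from the current PCR matches."""
        current_policy = pcr_policy_digest(current_pcr)
        if current_policy != sealed["policy"]:
            return None  # measurements differ: the TPM refuses to unseal
        key = self._wrap_key(current_policy)
        return bytes(a ^ b for a, b in zip(sealed["blob"], key))


# Constructed sample boot stages (stand-ins for the real firmware/bootloader/kernel images).
GOOD_BOOT = [b"firmware build 1.02", b"bootloader: shim (signed)", b"kernel 6.12 vmlinuz"]
TAMPERED_BOOT = [b"firmware build 1.02", b"bootloader: modified", b"kernel 6.12 vmlinuz"]
# Constructed 32-byte stand-in for a disk volume key.
VOLUME_KEY = hashlib.sha256(b"constructed volume key").digest()


def demo() -> dict:
    """Seal the volume key against a known-good boot, then try three boots."""
    tpm = ToyTPM()
    sealed = tpm.seal(VOLUME_KEY, measure_boot_chain(GOOD_BOOT))
    return {
        "good": tpm.unseal(sealed, measure_boot_chain(GOOD_BOOT)),
        "tampered": tpm.unseal(sealed, measure_boot_chain(TAMPERED_BOOT)),
        "reordered": tpm.unseal(sealed, measure_boot_chain(list(reversed(GOOD_BOOT)))),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {'unsealed' if result == VOLUME_KEY else 'refused'}")
```

Only the unmodified chain, in the original order, gets the key back; changing a single stage or the order changes the PCR and the unseal is refused. On a Linux box with tpm2-tools you can read the real bank values with tpm2_pcrread, and systemd-cryptenroll can bind a LUKS key slot to chosen PCRs in the same spirit, which is the mechanism behind "you don't get to unlock your hard drive" when measurements change.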
Damn... Can Windows really stop my BIOS from booting on a self built PC with TPM? How would my BIOS even know to not boot before Windows has started?
If Windows takes over the TPM module? Yes, because they change the stuff the BIOS references to boot.
That said, if you self-built, you can probably keep it from taking over the TPM module (I think.)