I'm at the second day of the OLS. Just finish a session on the Trusted Computing Platform and aren't impress at all. The architecture try to do to much when it's fact, it's only a encryption engine with some memory. At the basis, it should be a simple way to get an uncomprised encryption engine, allowing you to form trust from the BIOS to the OS to user space application and beyond. The architecture give you that, but this is just one way of doing so, and I really think that policy (which is quite important for trusting) must not be imposed by the tools that implement it. For me, having the encryption chip and a way to check the BIOS firmware will be far enough as a specification. Everything else should be let in the BIOS manufacturer, as well as the boot loader and OS authors so that great solutions can be created without having to circumvent the technology itself.