
> which is interesting for DRM purposes.

You're thinking of SGX enclaves, not TPM.

> TPM also creates unique hashes of your system

It doesn't. Your system creates hashes and appends to lists signed by TPM. And the point of those hashes is not to be unique, but to verifiably match known values.
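As an added illustration of the mechanism this comment describes (this is not code from the thread): the TPM does not hash your system itself; firmware and the OS measure each boot component and extend the digest into a PCR, and a verifier later replays the event log and compares the resulting PCR values with known-good reference values. The component contents, PCR index assignments and reference values below are constructed for the example, and `check_boot` is a hypothetical helper name.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 bank; real TPMs also expose other banks


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new PCR = SHA256(old PCR || digest).

    A PCR can only be extended, never written directly, so its final value
    commits to every measurement that went in and to their order.
    """
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("SHA-256 bank expects 32-byte values")
    return hashlib.sha256(pcr + digest).digest()


def measure(component: bytes) -> bytes:
    """Digest that firmware or the bootloader records for a component."""
    return hashlib.sha256(component).digest()


def replay_event_log(events):
    """Recompute every PCR from an event log of (pcr_index, component_bytes).

    This is what a verifier does with the log a machine sends alongside a
    TPM quote: every PCR starts at all zeros and is extended in log order.
    """
    pcrs = {}
    for idx, data in events:
        pcrs[idx] = extend(pcrs.get(idx, bytes(PCR_SIZE)), measure(data))
    return pcrs


def mismatched_pcrs(pcrs, expected):
    """Indices whose replayed value differs from the known-good reference."""
    return sorted(i for i, v in expected.items() if pcrs.get(i) != v)


# Constructed stand-ins for boot components (not real firmware or kernels).
FIRMWARE = b"constructed: platform firmware v1"
BOOTLOADER = b"constructed: bootloader v2"
KERNEL = b"constructed: kernel 6.1 signed"

# PCR indices loosely follow the TCG convention (0 for firmware, 4 for the
# boot manager, 8+ for OS-level measurements); chosen here for illustration.
GOOD_EVENTS = [(0, FIRMWARE), (4, BOOTLOADER), (8, KERNEL)]

# Known-good reference values: in practice published by the vendor or recorded
# once from a trusted machine. Here they are derived from the good log above.
GOLDEN = replay_event_log(GOOD_EVENTS)

# Same firmware and bootloader, but the kernel was swapped for a modified build.
TAMPERED_EVENTS = [
    (0, FIRMWARE),
    (4, BOOTLOADER),
    (8, b"constructed: kernel 6.1 modified"),
]


def check_boot(events):
    """Return the PCR indices that do not match the reference; [] means clean."""
    return mismatched_pcrs(replay_event_log(events), GOLDEN)


if __name__ == "__main__":
    print("good boot mismatches:    ", check_boot(GOOD_EVENTS))      # []
    print("tampered boot mismatches:", check_boot(TAMPERED_EVENTS))  # [8]
    # Order matters: the same digests extended in a different order give a
    # different register value, so a log cannot be reordered to hide a step.
    reordered = replay_event_log([(8, KERNEL), (8, BOOTLOADER)])
    normal = replay_event_log([(8, BOOTLOADER), (8, KERNEL)])
    print("order-sensitive:", reordered[8] != normal[8])              # True
```

The values themselves are not meant to be unique per machine: two machines running the same firmware, bootloader and kernel should replay to identical PCRs, which is exactly what lets a verifier compare them against a published reference. What ties the values to a particular TPM is the signature over them (the quote), which the verifier checks separately with a key it trusts.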



No, I meant TPM. Media could be bound to have the TPM report certain hashes of the configuration registers that are either already set or TPM sets on system boot. Same mechanism that allows you to only open a document on specific hardware basically or allows an application to check if the system was perhaps compromised.


I don't think it's going to be useful this way for DRM. TPM is useful for verifying your boot chain is secure and validating this to an external party. But locally you can lie to apps all you want. You can emulate the TPM device (https://qemu-project.gitlab.io/qemu/specs/tpm.html) - it can tell you whatever you want. Locally it's as useful as hiding the DRM in a driver. Raising the bar a bit, but you can still work around it.



