It is absolutely used and designed for secure boot. There are now simpler mechanisms to accomplish the same thing, but if you want remote attestation, you need a TPM.