So the sole legitimate use case for a TPM is when you're somewhere with neither cellular service nor Wi-Fi (rare) and your portable device is off rather than asleep (rare) and you can't remember a long passphrase, which doesn't have to be unmemorable, it's just less convenient to type.
This seems like it isn't worth the cost in authoritarianism?
For that matter you could still implement even that with just a secure enclave that will only release the key given the correct PIN (and then rate limits attempts etc.), but then does actually release the key in that case and doesn't do any kind of remote attestation or signing.
> a secure enclave that will only release the key given the correct PIN
So...a TPM?
> This seems like it isn't worth the cost in authoritarianism?
You know what's really authoritarian? Having your computer practically only decryptable by some remote directory server, potentially not even under your control.
Computers have these neat things called "local filesystems". They're a real hoot. Maybe you can get one on your computer.