I am a software developer, so I have some confidence that I can at least personally verify that the source doesn’t do anything malicious.

And while the software doesn’t have to use TPM, it shouldn’t be up to the software, it should be up to me, the user.

Windows 11 enforces using TPM 2.0, so I get no choice in the matter.

If it becomes standard to use TPM, I the user lose control.

You can keep using your encryption keys in clear memory, visible to any privileged software.

What kind of software would I give kernel level access to? Honestly the only thing I can think of is if I ran it all in a virtual machine and the VM memory was dumped, but other than that, it would imply the OS itself is accessing the RAM, or a hardware level vulnerability allows it, but at this point, how is TPM even going to help?