TPMs have a private key permanently burned into them at the factory. I have to trust that the manufacturer will not use their ability to know what the key is.
They do? I was under the impression that TPM was specifically designed to be able to be re-keyed, with the only permanent keys being "endorsement keys" used to verify the TPM's origin and identity (e.g. that someone didn't sneak in and steal your TPM or replace it with an attacker-controlled facsimile).
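The distinction drawn in the reply (a factory-certified endorsement key that survives re-keying, versus owner-hierarchy keys that can be regenerated) can be made concrete with a small model. The following is an added example, not code from either poster or from any TPM vendor or library: it mimics the TPM 2.0 design in which primary keys are derived deterministically from a per-hierarchy seed plus a template, TPM2_Clear replaces only the storage seed, and the endorsement seed persists so the vendor-issued EK certificate still matches. All key derivation, the "certificate" (an HMAC under an assumed manufacturer key standing in for an X.509 signature) and the template names are constructed simplifications so the example runs offline.

```python
"""Toy model of TPM 2.0 hierarchy seeds (constructed illustration, not vendor code).

- A primary key is a deterministic function of (hierarchy seed, template),
  so the same template yields the same key until the seed changes.
- clear() models TPM2_Clear: the Storage Primary Seed is replaced, so the
  owner hierarchy is effectively re-keyed.
- The Endorsement Primary Seed is untouched by clear(), so the Endorsement
  Key (EK) is stable and can be checked against the factory EK certificate.
Real signatures are replaced by an HMAC under a manufacturer key (assumption).
"""
import hashlib
import hmac
import os

SRK_TEMPLATE = b"srk:rsa2048:restricted-decrypt"  # constructed template labels
EK_TEMPLATE = b"ek:rsa2048:restricted-decrypt"


def derive_primary(seed: bytes, template: bytes) -> bytes:
    """Stand-in for the TPM's KDF: same seed + template -> same primary key."""
    return hmac.new(seed, template, hashlib.sha256).digest()


class ToyTPM:
    def __init__(self, manufacturer_key: bytes):
        # Seeds are generated inside the device. The vendor certifies the
        # public EK derived from the endorsement seed; it does not need the
        # seed itself to do so.
        self.endorsement_seed = os.urandom(32)
        self.storage_seed = os.urandom(32)
        self.ek_certificate = self._issue_ek_cert(manufacturer_key)

    def _issue_ek_cert(self, manufacturer_key: bytes) -> dict:
        # Stand-in for the X.509 EK certificate signed by the vendor CA.
        ek = self.endorsement_key()
        sig = hmac.new(manufacturer_key, ek, hashlib.sha256).digest()
        return {"ek": ek, "sig": sig}

    def endorsement_key(self) -> bytes:
        return derive_primary(self.endorsement_seed, EK_TEMPLATE)

    def storage_root_key(self) -> bytes:
        return derive_primary(self.storage_seed, SRK_TEMPLATE)

    def clear(self) -> None:
        """Model of TPM2_Clear: new storage seed, endorsement seed preserved."""
        self.storage_seed = os.urandom(32)


def ek_cert_is_valid(tpm: ToyTPM, manufacturer_key: bytes) -> bool:
    """Verify that the EK the device presents now is the one the vendor certified."""
    cert = tpm.ek_certificate
    presented = tpm.endorsement_key()
    expected_sig = hmac.new(manufacturer_key, presented, hashlib.sha256).digest()
    return cert["ek"] == presented and hmac.compare_digest(cert["sig"], expected_sig)


def demo() -> dict:
    """Run the scenario from the thread and report what changed after a clear."""
    vendor_key = os.urandom(32)
    tpm = ToyTPM(vendor_key)
    ek_before, srk_before = tpm.endorsement_key(), tpm.storage_root_key()
    tpm.clear()  # owner re-keys the device
    # A substituted device carries a certificate from some other issuer.
    swapped_in = ToyTPM(os.urandom(32))
    return {
        "ek_unchanged_after_clear": ek_before == tpm.endorsement_key(),
        "srk_changed_after_clear": srk_before != tpm.storage_root_key(),
        "ek_cert_still_valid": ek_cert_is_valid(tpm, vendor_key),
        "swapped_device_rejected": not ek_cert_is_valid(swapped_in, vendor_key),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The model shows both halves of the thread's point: clearing the device changes every key under the storage hierarchy (so nothing the previous owner derived remains usable), while the EK, and therefore the vendor's certificate, stays put and is what lets a verifier tell a genuine device from a substituted one.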