That's fair, although aren't most TPMs nowadays fTPMs? No interceptable communication that way.
Until they require fTPMs, an attacker can just choose to use a regular TPM.

A more sophisticated attacker could plausibly extract key material from the TPM itself via side channels, and sign their own attestations.

Can a TPM be faked in a QEMU VM?
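The question above is usually settled on the verifier's side rather than the VM's: a relying party that accepts attestation only from TPMs whose endorsement key (EK) certificate chains to a manufacturer CA it trusts will reject a software TPM that has no such certificate, while a real discrete TPM or fTPM passes. The following Go program is an added example written for this thread, not code posted by any commenter. It constructs a stand-in manufacturer PKI (the "Example TPM Vendor" names, serial numbers and keys are all constructed), issues one EK certificate under it and one self-signed EK certificate standing in for an emulated TPM, and runs both through the verifier's chain check using only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a fresh P-256 key pair; here it stands in for a TPM's
// endorsement key and for the CA keys of the constructed vendor PKI.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl for pub with issuerKey and parses the resulting DER.
// Passing parent == tmpl yields a self-signed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// caTemplate is a minimal CA certificate template (constructed vendor PKI).
func caTemplate(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// ekTemplate is a minimal end-entity template for an EK certificate. Real EK
// certificates carry TCG-specific extensions, which are omitted here.
func ekTemplate(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  false, // an EK must never act as a CA
		BasicConstraintsValid: true,
	}
}

// VerifyEK is the relying party's check: the EK certificate must chain to a
// root the verifier has chosen to trust as a TPM manufacturer CA. Any chain
// built from intermediates the client supplies is acceptable, but only if it
// terminates in one of the pinned roots.
func VerifyEK(ek *x509.Certificate, intermediates, roots *x509.CertPool) error {
	_, err := ek.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: intermediates,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// Demo builds the constructed vendor PKI, one EK certified by it and one
// self-signed EK (what an emulated TPM with no vendor certificate can offer),
// and reports whether each passes the verifier's chain check.
func Demo() (genuineOK bool, emulatedOK bool) {
	rootKey, icaKey := newKey(), newKey()
	rootTmpl := caTemplate("Example TPM Vendor Root CA (constructed)", 1)
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	ica := issue(caTemplate("Example TPM Vendor EK CA (constructed)", 2), root, &icaKey.PublicKey, rootKey)

	ekKey := newKey()
	genuineEK := issue(ekTemplate("EK certified by vendor (constructed)", 3), ica, &ekKey.PublicKey, icaKey)

	fakeKey := newKey()
	fakeTmpl := ekTemplate("self-signed EK of a software TPM (constructed)", 4)
	emulatedEK := issue(fakeTmpl, fakeTmpl, &fakeKey.PublicKey, fakeKey)

	roots := x509.NewCertPool()
	roots.AddCert(root) // the verifier pins only vendor roots it trusts
	intermediates := x509.NewCertPool()
	intermediates.AddCert(ica) // intermediates normally arrive with the EK cert

	return VerifyEK(genuineEK, intermediates, roots) == nil,
		VerifyEK(emulatedEK, intermediates, roots) == nil
}

func main() {
	genuine, emulated := Demo()
	fmt.Printf("vendor-certified EK accepted: %v\n", genuine)
	fmt.Printf("self-signed EK accepted:      %v\n", emulated)
}
```

The chain check is only the first step of a remote attestation verifier; it establishes that the quote-signing key was certified by a TPM whose EK a trusted vendor vouched for, after which the verifier still validates the quote signature and the nonce it issued. It also does not address the other two points raised above: an attacker who uses a genuine discrete TPM, or one who extracts key material from the chip, still holds a vendor-certified key, so the EK chain alone cannot distinguish them from an honest platform.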