Interesting article in a German online magazine about why the Librem Mini is less secure than other Librem products regarding the secure (against evil maid attacks), verified boot via Heads, because of the missing TPM chip:
The TPM is typically not under user control, while something TPM-like, such as the Librem Key, or Nitrokey, is. Also, as @Kyle_Rankin often mentions regarding benefits of the Librem Key, if the TPM fails, obtaining a replacement is not convenient and feasible for the customer, whereas having multiple backups of the Librem Key is.
A TPM isn’t necessarily a standard component, although for hardware that expects to run modern versions of Windows with SecureBoot enabled perhaps it is.
In any case it took a few revisions before we ended up including a TPM in the Librem 13 (which is why this TPM-less feature was created to begin with, so people using TPM-less Librem 13s could have some degree of additional security, even if it wasn’t as strong as with a TPM). We do want to have a TPM in the Mini in a future revision as well, the current versions just don’t have one, so you fall back to TPM-less mode if you choose PureBoot over the default coreboot firmware.
That would be new. To date, I’m unaware of any DRM protected media that requires a TPM to decrypt or to authenticate viewing of the media.
That said, I’m pretty sure that if media was being sold that had that requirement I’d probably steer clear of it.
And to add to this thread, I would say that the lack of a TPM in conjunction with heads and coreboot bundles seems a little misleading. Regardless, I would have bought a Mini if it had a TPM.