TPM-FAIL Vulnerability

Here’s the dedicated website for the vulnerability. It is an interesting read on what the attack is, and how the researchers went about finding and exploiting it.

Since, to my knowledge, Purism uses a separate on-board chip for the TPM, is it the ST33? And if so, is there anything users can do to mitigate/protect against the attack?

Edit: replaced ZDNet link with link to dedicated website.

1 Like

In the community/general Matrix channel, Nicole said they use an Infineon chip, not the ST33.

4 Likes

Not only do we use an Infineon TPM chip, we use a different version of firmware than the timing attacks worked with.

5 Likes

Sure but did the researchers say that they had tested the Infineon chip and found it not to have the vulnerability based on their testing?

Or the researchers tested just the two TPM implementations that the article mentions and found them both to be vulnerable?

The link to the actual paper appears to be broken.

At the software level, cryptographic implementations have been patching timing side-channel attacks repeatedly over the last many years, so it wouldn’t surprise me if quite a few TPM implementations had the same problems.

The one saving grace for end-user devices:

> A local adversary can recover the ECDSA key […] depending on the access level. We even show that these attacks can be performed remotely on fast networks

Most people will work towards not having local adversaries on end-user devices!

Unclear what “fast networks” means. Maybe they mean that sitting on the same GbE, you can conduct the attack remotely. I’m sure my internet connection wouldn’t qualify as a “fast network” :smile: but perhaps for some people that is possible.

Again, if we could read the actual paper, clarification may be forthcoming.

> Sure but did the researchers say that they had tested the Infineon chip and found it not to have the vulnerability based on their testing?

Yes, they tested Infineon’s SLB 9670.

Here’s a link to their GitHub where they apparently will release code you can test.

I downloaded the paper from here.
http://tpm.fail/#FAQ

3 Likes