On the other hand, the TPM spec is pretty complex, especially because they wanted to address privacy issues: the endorsement key, burned by the manufacturer, is only able to encrypt messages and not able to sign them, because this could have been used to track machines. (and this makes a remote attestation protocol much more complex to implement)

So, it looks like they were aware about such kind of issues and tried hard to mitigate them.