Comment Re:Never safe. (Score 1) 93
If you read the paper in detail, it says that the attacks affect BitLocker, not all TPM-based security. They do not compromise the authenticated boot capability of the TPM. You still cannot pretend to have booted a different system to the one you have.
There are plenty of things to criticise about Trusted Computing, but spotting boot-process malware is one thing it does very well. It works for the question "has this platform been booted with the correct software?" but not "has this platform always been booted with the correct software?"
It's situation dependent, of course, and it may not provide the necessary security guarantees that are required for cloud computing. But it comes much closer than a purely software-based solution can.
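An added illustration, not part of the original comment: a minimal Python model of PCR extend and verifier-side event-log replay, showing why a tampered boot cannot report the known-good value and why a later clean boot carries no trace of it. The component names are constructed sample data, and the signed TPM quote that would carry the PCR value to the verifier is assumed rather than modelled.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || H(measured component))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def boot(components):
    """One boot: the PCR resets to zeros, then each stage is measured in order."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def digests(components):
    """Event log as the verifier sees it: one digest per measured stage."""
    return [hashlib.sha256(c).digest() for c in components]

def verify(reported_pcr, event_log, known_good):
    """Replay the log; accept only if every digest is known-good and the
    replayed value matches the PCR the TPM reported."""
    pcr = bytes(PCR_SIZE)
    for digest in event_log:
        if digest not in known_good:
            return False
        pcr = hashlib.sha256(pcr + digest).digest()
    return pcr == reported_pcr

# Constructed sample boot chains (hypothetical component names).
GOOD = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
TAMPERED = [b"firmware-v1", b"bootkit", b"kernel-v1"]
KNOWN_GOOD = set(digests(GOOD))

if __name__ == "__main__":
    good_pcr, bad_pcr = boot(GOOD), boot(TAMPERED)
    print("clean boot accepted:      ", verify(good_pcr, digests(GOOD), KNOWN_GOOD))
    # Tampered platform presents the clean log: replay no longer matches the PCR.
    print("tampered, forged log:     ", verify(bad_pcr, digests(GOOD), KNOWN_GOOD))
    # Tampered platform presents its real log: the unknown digest is rejected.
    print("tampered, honest log:     ", verify(bad_pcr, digests(TAMPERED), KNOWN_GOOD))
    # After a reboot into clean software the PCR is good again: the earlier
    # tampered boot leaves nothing behind in the measurement.
    print("reboot clean, no history: ", boot(GOOD) == good_pcr)
```
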