IlikeKitties 2 days ago
Okay, so there's so much wrong here I don't know where to start.

> Like it or not, TPM was meant to increase security by deterring evil maid attacks. If you can't stop this sort of attack, your device doesn't offer serious security, and a feature phone with wifi/bluetooth/cellular data turned off probably has similar security

TPMs in their commercial implementation do not deter any evil maid attack. Only some special cases like HEADS Firmware actually protect you from an evil maid attack. TPMs, Secure Boot, etc. merely prevent non-signed code from booting when the hardware has not been tampered with. Tamper with the hardware and make it show a green "everything is fine" screen while booting a tainted kernel and device drivers and a TPM won't save you.

> Moreover TPMs were introduced over a decade ago and there's still no DRM that's based on it.

Google Play Integrity API is essentially this. Can't run certain apps on devices that don't pass TPM-based attestation. Not exactly DRM but something akin to it.

> People did forget about SGX though, which came and went but had actual DRM built for it.

People didn't forget, it got broken so badly Intel gave up on it.

> I've also never heard a peep about HDCP which is specifically for DRM purposes and is built into every GPU/monitor.

You've just not been listening. It's just that HDCP also has been bypassed a lot.