Also, how is the time limit enforced? With hardware access, it would be easy to change time or increase the clock rate, as well as many other side-channel attacks that could eliminate the wait altogether.
I had a friend working at trusted compute at Microsoft, and he had so many stories.
These TPM firmwares are often written by shitty companies that have no fxcking clue what they are doing.
Most TPM implementations are a clown show; companies just want to check a box on paper so they say "Look! We have a TPM!" and move on.