Re: " then other people criticise it, and instead of replying to the critique in a sensible way"
a) We live in a vendor dominiated economy. If no vendor offers open systems, you cannot buy them. Most high profile ARM devices are already locked down, and Microsoft has already made some steps in that direction, shutting down (still rather obscure) features like connected standby. Windows 8 on ARM even forced secure boot. https://www.heise.de/newsticker/meldung/Microsoft-erzwingt-auf-Windows-8-ARM-Geraeten-UEFI-Secure-Boot-1413109.html
Being able to turn off Secure Boot is now an optional feature:
https://www.heise.de/newsticker/meldung/Windows-10-Neue-Geraete-nur-mit-UEFI-Secure-Boot-und-TPM-2582371.html
b) I need to have the secret keys on the same system, since in the full concept of "Trusted Computing" no code should ever run that is not signed. Therefore every little 3 line program I write as a bash script would have to be signed. Since the whole hypothetical advantage of "Trusted Computing" relies on there being a complete chain of trust to be unbroken, I have to sign every command. Otherwise the whole tower of babel breaks down.
c) Yes, I know what malware can do at the boot level, but that's largely irrelevant as you can reach the same relevant goals even in unprivileged userspace. It doesn't matter if you have control over the kernel without the user knowing, as you can access all user files via its user privileges. It doesn't matter where you enter the system, once you are inside, you have typically reached your goal.
d) BTW nobody talks about "running pirated copies" of whatever. I don't see why you bring up that topic.
However, at least you had some arguments, and I applaud you for that.