
TPMs aren’t about locking down machines - they’re about enabling the user (who is always in control) to establish a trust chain for software on the machine - and to serve as a secure store for cryptographic secrets so they become inaccessible from the rest of the system.

You can have lock-out without the TPM anyway - like the pre-Fingerprint reader iPhones.



TPM technically isn't about locking users out, but will be (is) used this way - between enterprise customers and MAFIAA's desire for DRM, it's pretty much a given. It's a tool in the War on General Purpose Computing. Alone not enough to win it, and sure, theoretically useful for both sides, but for the enemies of general purpose computing it's an important cog in their war machine.


QubesOS uses this tool to give users and device owners (not vendors) control, e.g. Anti Evil Maid.
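The trust chain from the first comment and the Anti Evil Maid idea from this one can be shown with a small simulation. This is an added illustration, not code from the thread or from the Qubes project: it models a TPM PCR (which can only be extended, never set), seals a user-chosen secret to the PCR value of a known-good boot chain, and shows that a modified bootloader produces a different PCR so the secret no longer unseals. The boot component blobs and the device root key are constructed for the example; a real TPM keeps that root key inside the chip and enforces the PCR binding through its policy mechanism, which this sketch replaces with an HMAC-derived key.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(measurement)).
    Order matters, and nothing can set a PCR to a chosen value."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Measure each boot stage in order into one PCR, starting from zero."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def _seal_key(root_key: bytes, pcr: bytes) -> bytes:
    # Key usable only with this device root key AND this exact PCR value.
    return hmac.new(root_key, b"seal|" + pcr, hashlib.sha256).digest()


def _keystream(key: bytes, n: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(root_key: bytes, pcr: bytes, secret: bytes) -> bytes:
    """Encrypt and authenticate `secret` under a key bound to `pcr`."""
    key = _seal_key(root_key, pcr)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return ct + tag


def unseal(root_key: bytes, pcr: bytes, blob: bytes):
    """Return the secret only if the current PCR equals the sealing PCR."""
    ct, tag = blob[:-32], blob[-32:]
    key = _seal_key(root_key, pcr)
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None  # PCR mismatch: boot chain differs from the one sealed to
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


# Constructed stand-ins for measured boot stages (not real firmware images).
FIRMWARE = b"firmware v1 (constructed)"
BOOTLOADER = b"bootloader v1 (constructed)"
KERNEL = b"kernel v1 (constructed)"
TAMPERED_BOOTLOADER = BOOTLOADER + b" + unauthorized patch"

# Constructed device root key; a real TPM never exposes its equivalent.
ROOT_KEY = b"constructed-per-device-root-key-32B"
USER_SECRET = b"my AEM passphrase-prompt marker"


def provision() -> bytes:
    """Owner seals a secret to the PCR of the boot chain they trust."""
    good_pcr = measure_boot_chain([FIRMWARE, BOOTLOADER, KERNEL])
    return seal(ROOT_KEY, good_pcr, USER_SECRET)


def boot_and_check(sealed: bytes, components):
    """At boot: measure what actually ran, then try to unseal."""
    pcr = measure_boot_chain(components)
    return unseal(ROOT_KEY, pcr, sealed)


def demo():
    sealed = provision()
    trusted = boot_and_check(sealed, [FIRMWARE, BOOTLOADER, KERNEL])
    tampered = boot_and_check(sealed, [FIRMWARE, TAMPERED_BOOTLOADER, KERNEL])
    return trusted, tampered


if __name__ == "__main__":
    ok, bad = demo()
    print("trusted boot unsealed:", ok)
    print("tampered boot unsealed:", bad)
```

The owner only proceeds to type a disk passphrase if the expected secret appears; a replaced bootloader leaves the PCR different, the unseal fails, and the absence of the secret is the signal. Note that the PCR also changes when the same stages are measured in a different order, which is why the chain is sequential rather than a bag of hashes.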



