TPM chip is hiding the keys, granted, but exchange and authentication can be accessed by connecting to them physically (by probing / soldering) to authenticate with the server, since these devices have to run without requiring a password prompt. Secure boot works because you have to enter a password to decrypt using keys hidden away in the chip separated from the drive. If you have the chip (it has nvram so it will keep its keys even if you rip it off the board) there's nothing stopping you really. Or did I miss something?
Then, I assume there's a spec / RFC for the standard, giving you a TPM chip you can use to authenticate given that you reverse engineer the entire authentication process. With local access to hardware, everything is possible, which people WILL have since they are in the car.
https://www.forbes.com/sites/daveywinder/2020/01/09/can-you-hack-a-tesla-model-3-500000-says-that-you-cant
Those hacking competitions exclude you from probing into the actual hardware, I think.
So my thought is that yeah, it's useful for non-critical communication. That is, the communication should not directly control your car.
The consequences might not be big anyway, since there are probably going to be consensus algorithms catching erratic data.
Yeah I was thinking of a cloud service with millions of cars connected to it with adequate response to all the other cars to avoid direct communication between the cars.
E.g. EtherCAT can be very responsive. I have worked on that.