That doesn't provide the desired security, unless you also then carefully lock down the system so that the TPM doesn't provide the key if the software has changed. That's theoretically doable but challenging, with many failure modes in both directions: not being able to get into the system, or someone being able to get into the system when they shouldn't.
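The two failure modes described above, as an added example that is not part of the original comment: a simplified Python model of sealing a key to PCR values. The PCR indices, component names and key are constructed for illustration, and the policy digest is a simplification of what a real TPM computes.

```python
import hashlib, hmac

# Software model only: real sealing happens inside the TPM, and the PCR
# index assignments below are illustrative assumptions, not a platform spec.
def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measured_boot(components):
    """Replay a boot: each PCR starts at zero and absorbs its components in order."""
    pcrs = {}
    for index, blobs in components.items():
        value = bytes(32)
        for blob in blobs:
            value = extend(value, blob)
        pcrs[index] = value
    return pcrs

def policy_digest(pcrs, selection):
    """Digest over the selected PCR values only; unselected PCRs are ignored."""
    h = hashlib.sha256()
    for index in sorted(selection):
        h.update(index.to_bytes(4, "big") + pcrs[index])
    return h.digest()

class SealedKey:
    def __init__(self, key, pcrs, selection):
        self._key, self.selection = key, tuple(selection)
        self._expected = policy_digest(pcrs, self.selection)

    def unseal(self, pcrs):
        """Release the key only if the selected PCRs match the sealing-time state."""
        ok = hmac.compare_digest(policy_digest(pcrs, self.selection), self._expected)
        return self._key if ok else None

# Constructed sample boots (byte strings stand in for measured binaries).
KEY = b"disk-key-placeholder"
GOOD = measured_boot({0: [b"firmware v1"], 4: [b"bootloader v1"], 9: [b"kernel v1", b"initrd v1"]})
UPDATED = measured_boot({0: [b"firmware v1"], 4: [b"bootloader v1"], 9: [b"kernel v2", b"initrd v2"]})
TAMPERED = measured_boot({0: [b"firmware v1"], 4: [b"bootloader v1"], 9: [b"kernel v1", b"initrd modified"]})

def failure_modes():
    strict = SealedKey(KEY, GOOD, [0, 4, 9])   # policy covers kernel and initrd
    loose = SealedKey(KEY, GOOD, [0, 4])       # policy stops at the bootloader
    return {
        "strict_unchanged": strict.unseal(GOOD) == KEY,
        "strict_after_update": strict.unseal(UPDATED) is None,  # legitimate owner locked out
        "strict_tampered": strict.unseal(TAMPERED) is None,
        "loose_tampered": loose.unseal(TAMPERED) == KEY,        # key released to changed software
    }
```

The strict policy refuses the key after a routine kernel update until it is resealed, while the loose policy releases it to a modified initrd because nothing it measures changed.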