That's still essentially part of the boot process. You can't use dTPMs as HSMs for TLS or whatever because dTPMs are way too slow.