Most users do not change boot firmware of their computers. Trisquel is better for their freedom and privacy than Ubuntu.
TPM is just mostly useless, it has no security issues. There are other worse components, like Management Engine that on all recent Intel chipsets (optional since i965, required after GM45) uses nonfree signed software stored in boot firmware chip, that provides AMT on (officially only) some chipsets. UEFI makes boot firmware more complex, it has the same freedom issues as BIOS or other similar software. Secure Boot makes booting free systems harder (requiring changing some settings), restricted boot is not done on x86. Libreboot port needs coreboot support for a device without blobs. No post-GM45 Intel system will be supported, no AMD system will be supported with graphics unless someone replaces some blobs. See coreboot documentation for how to port it to other devices, it needs much experience (and is a possible way of getting such experience if you choose an appropriate target system).
pgpf_fUS0rkWu.pgp
Description: PGP signature