http://technet.microsoft.com/en-ca/windows/dn168167.aspx
and
http://technet.microsoft.com/en-ca/windows/dn168169.aspx
and
http://www.uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf
1) Note you must install Windows 8.1 using UEFI mode in the BIOS. If you install as Legacy (non-UEFI) you can't switch later without re-installing the OS.
2) UEFI SECURE is an optional feature so not all UEFI motherboards have it.
3) You do not require a TPM module if the board supports UEFI Secure mode. From what I can tell the board is already doing what TPM would.
*Here is why I said the above:
"Secure Boot is an optional feature of the UEFI specification. The choice of whether to implement the feature and the details of its implementation (from an end-user standpoint) are business decisions made by Original Equipment Manufacturers (OEMs). As of this date, no one has claimed or demonstrated an attack that can circumvent UEFI Secure Boot on a system on which it is properly implemented and enabled."
*Anyway, if your main purpose is to prevent boot-time hacks then I think this might be the best approach but don't quote me:
1) Buy a motherboard with a TPM mount or ensure it has UEFI SECURE
2) Buy a TPM module and install it only if the board has a TPM mount but isn't secure without the TPM
3) Install Windows 8.1 in Secure UEFI mode
SUMMARY:
AFAIK it just makes sense to buy a motherboard that supports UEFI SECURE mode then install Windows 8.1 when this is enabled in the BIOS.
I'm not quite sure what TPM offers if you have UEFI secure.
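
To check what the steps in the post above actually produced on an installed machine, here is an added example that is not part of the original post. It uses the built-in `Confirm-SecureBootUEFI`, `Get-Disk` and `Get-Tpm` cmdlets; the function name `Get-BootSecurityState` is made up for this example, and it assumes an elevated PowerShell prompt on Windows 8 / 8.1 or later.

```powershell
# Added example (not from the original post): report how this Windows
# installation booted and whether Secure Boot and a TPM are active.
# Get-BootSecurityState is a hypothetical name chosen for this example.

function Get-BootSecurityState {
    $state = [ordered]@{
        SecureBoot    = 'Unknown'
        BootDiskStyle = 'Unknown'
        TpmPresent    = 'Unknown'
        TpmReady      = 'Unknown'
    }

    # Confirm-SecureBootUEFI returns $true/$false on UEFI firmware that
    # supports Secure Boot. It raises an error on a legacy (BIOS-mode)
    # install, on firmware without Secure Boot, or when not elevated.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) {
            $state.SecureBoot = 'Enabled'
        } else {
            $state.SecureBoot = 'Supported but disabled'
        }
    } catch {
        $state.SecureBoot = "Not available: $($_.Exception.Message)"
    }

    # Windows installed in UEFI mode boots from a GPT disk; a legacy
    # (BIOS-mode) install boots from an MBR disk.
    try {
        $bootDisk = Get-Disk -ErrorAction Stop |
            Where-Object { $_.IsBoot } | Select-Object -First 1
        if ($bootDisk) { $state.BootDiskStyle = [string]$bootDisk.PartitionStyle }
    } catch {
        $state.BootDiskStyle = "Not available: $($_.Exception.Message)"
    }

    # Get-Tpm reports whether a TPM exists and is provisioned for use.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $state.TpmPresent = $tpm.TpmPresent
        $state.TpmReady   = $tpm.TpmReady
    } catch {
        $state.TpmPresent = "Not available: $($_.Exception.Message)"
    }

    [pscustomobject]$state
}

Get-BootSecurityState | Format-List
```

A result of `SecureBoot : Enabled` with `BootDiskStyle : GPT` matches an install done in UEFI mode with Secure Boot turned on; an MBR boot disk together with a "not available" Secure Boot result points to a legacy-mode install.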