Let's assume that you don't buy an ASUS TPM-M R2.0 module from an official retail seller of ASUS but, say, at a half of the price from an unknown seller on Amazon or eBay. What's the chance that you get a fake module, or, even worse, a malicious one? Would it hurt you if it says it's from ASUS but in reality from someone else? How can such a module be malicious, and would it hurt you if it is?