What is DRM trying to solve?
Here is a quick but interesting analysis on DRM, by Edward Felten.
What is the threat model that DRM is trying to mitigate? Is it casual-copying or massive napsterization? He rightly points out that although the media companies seem to mostly complain about the massive internet copying, the various DRM solutions seem to be oriented on the casual copying scenarios.
From what I understand of Palladium, it has potential for raising the bar pretty high for breaking a DRM solution (although DRM isn't advertised as Palladium's primary application). But we have to remember that once broken, any unprotected media will be free to get napsterized. This is known as the "BORA" property (Break Once Run Anywhere).
The question is how difficult is it for a determined hacker group to de-protect a piece of media.
Since protection against a local hardware attack isn't a goal for Palladium (at least in its first iteration), there might be bus or memory attacks that will give access to the un-protected data.
Software flaws will probably still be a big attack vehicle (the largest?), as a buffer overflow in a "trusted" program would allow unfriendly code in the "trusted" memory. But they might be mitigated by a greater difficulty to analyze and exploit the target program (as the part of it, the agent, that runs in "trusted" mode can't be debugged afaik) and the reduction of the size of the sensitive code, by separating the trusted component/agent, will help making it more robust.
A description of the Palladium system by John Manferdelli (General Manager, Windows Trusted Platform Technologies).
Update: Cory Doctorow gave a great presentation at MS about DRM and published the transcripts online.