It's much worse than just TPM now: https://learn.microsoft.com/en-us/windows/security/hardware-...

All modern PCs ship with Pluton coprocessors. The end-to-end remote attestation hardware infrastructure is all already there, waiting for someone to flip a switch and turn it on.