Apple still does not integrate a TPM into their laptops.
And it doesn't matter, even if they did, you could modify the firmware on flash to bypass the checks.
There is nothing stopping someone with physical access from removing the firmware password via SPI flash.
It is a fundamental flaw of x86, IMHO, that there is no Boot ROM (BROM) which can perform signature/integrity checks on the UEFI firmware. ARM has this, x86 does not.
And it doesn't matter, even if they did, you could modify the firmware on flash to bypass the checks.
There is nothing stopping someone with physical access from removing the firmware password via SPI flash.
It is a fundamental flaw of x86, IMHO, that there is no Boot ROM (BROM) which can perform signature/integrity checks on the UEFI firmware. ARM has this, x86 does not.