by grishka 1798 days ago
So okay, you again assume that software is immutable. But Windows has to store these trusted keys somewhere. What if I emulate the TPM with a key I generated myself, and patch Windows to trust that key?

Then you will discover that Secure Boot will stop your computer from starting until you reinstall something signed by Microsoft.
Can't you just turn that off in the BIOS settings?
Not if BIOS doesn't allow that to be turned off.
Uh, that's a thing?! How do people install Linux then? How does that work with PCI cards that contain executable code in their ROMs, does that code have to be signed by overlords now?
> How do people install Linux then?

Basically, when MS started requiring Secure Boot on Windows computers, there were a few anti-trust actions against them that looked at this action. So they back-pedaled and required that people should be able to disable Secure Boot on x86 and amd64 computers. They also created a 3rd party certification program, that those distros one buys could pay for and get signed.

But make no mistake, MS completely control the specs of any PC available to you, and will not miss a chance to remove the support for 3rd party OSes.

I just feel like if everything available gets locked down, people would simply resort to running more open OSes in emulators or virtual machines. Set to autostart in full-screen, so the only part of modern Windows they ever see would be the boot sequence. Like you could install DOSBox on an iPad and basically use it like a full-fledged early 90s computer, especially if you have a keyboard.
You'll boot Windows but can't mount the system volume if it's protected by a BitLocker key derived from the TPM key.
Even if you do a clean install yourself? Well then, gotta patch the installer. There's always a way!