The solution is to use an HSM such as the Nitrokey/Purism Librem Key (same thing) that has an LED that lights up if boot integrity is fine, including a matching TPM secret (the maid can't clone that).
This is essentially the same solution, right? It boils down to having a single device that verifies the integrity of everything and never letting that device out of your sight. It's just marginally easier to do that when the device in question is an HSM rather than a laptop.
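The mechanism the first comment describes (a TPM releasing a secret only when the measured boot chain matches, and a USB key that lights its LED only when it sees a one-time code derived from that secret) can be modelled end to end. The block below is an added, constructed example, not Heads, Nitrokey or Purism code: it simulates PCR extension, a secret sealed to a PCR value, RFC 4226 HOTP, and a token that never releases its secret and never accepts the same counter twice. All names, keys and "firmware components" are made up for the simulation.

```python
import hashlib
import hmac
import struct

# --- TPM side (simulated) ---------------------------------------------------

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components) -> bytes:
    """Extend every boot component into one PCR, in order, from the zero state."""
    pcr = b"\x00" * 32
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr

def seal_to_pcr(secret: bytes, pcr: bytes, tpm_key: bytes) -> dict:
    """Bind a secret to a PCR value (a stand-in for a TPM PCR policy)."""
    key = hmac.new(tpm_key, b"seal" + pcr, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, key[: len(secret)]))
    return {"policy_pcr": pcr, "ct": ct}

def unseal(blob: dict, current_pcr: bytes, tpm_key: bytes):
    """The TPM refuses (returns None) unless the live PCR matches the policy."""
    if not hmac.compare_digest(blob["policy_pcr"], current_pcr):
        return None
    key = hmac.new(tpm_key, b"seal" + current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], key[: len(blob["ct"])]))

# --- HOTP (RFC 4226) --------------------------------------------------------

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)

# --- USB security key (simulated) -------------------------------------------

class Token:
    """Holds the HOTP secret and a counter; lights green only on a fresh, valid code."""
    def __init__(self, secret: bytes, window: int = 5):
        self._secret = secret
        self._counter = 0
        self._window = window

    def check(self, code: str) -> bool:
        for i in range(self._window):
            if hmac.compare_digest(hotp(self._secret, self._counter + i), code):
                self._counter += i + 1  # advance past it: the same counter is never accepted twice
                return True
        return False

# --- Host boot flow ---------------------------------------------------------

def boot_attempt(components, blob, tpm_key, token, host_state) -> bool:
    """Measure, ask the TPM to unseal, derive the HOTP code, show it to the token."""
    pcr = measure_boot(components)
    secret = unseal(blob, pcr, tpm_key)
    if secret is None:
        return False  # firmware changed: TPM will not release the secret, LED stays off
    code = hotp(secret, host_state["counter"])
    host_state["counter"] += 1
    return token.check(code)

# Constructed provisioning data (not real keys or firmware).
TPM_KEY = b"constructed-tpm-storage-key"
HOTP_SECRET = b"12345678901234567890"
GOOD_BOOT = [b"coreboot-rom", b"heads-kernel", b"heads-initrd"]
EVIL_BOOT = [b"coreboot-rom-with-implant", b"heads-kernel", b"heads-initrd"]

def provision():
    blob = seal_to_pcr(HOTP_SECRET, measure_boot(GOOD_BOOT), TPM_KEY)
    return blob, Token(HOTP_SECRET), {"counter": 0}

def demo():
    blob, token, host = provision()
    r1 = boot_attempt(GOOD_BOOT, blob, TPM_KEY, token, host)  # clean boot: green
    r2 = boot_attempt(EVIL_BOOT, blob, TPM_KEY, token, host)  # tampered ROM: PCR mismatch
    r3 = boot_attempt(GOOD_BOOT, blob, TPM_KEY, token, host)  # clean again: green
    r4 = token.check(hotp(HOTP_SECRET, 0))  # replay of the first code is rejected
    return r1, r2, r3, r4

if __name__ == "__main__":
    print(demo())
```

The point the simulation makes: the maid can copy the disk and even the sealed blob, but without the live PCR value the TPM will not unseal, and without the secret she cannot produce a code the token accepts; a code she recorded earlier is dead once the token's counter has moved past it. The model does assume the first thing that measures (the boot block) is itself trusted, which is exactly why the threads above care about the firmware being measured at all.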