by flangola7 1201 days ago
I think you're missing the point. Attestation is just key signing and verification with more bells and whistles and overhead. DRM tries and fails for the same reason: you have to give the user both the key and the content. There have been 30 years of attempts to somehow obfuscate and keep them apart, all without success.

An attacker with physical access and unbounded time cannot be defeated.

1 comments

The reason why DRM has failed in the past is that it only takes one person to crack the DRM on their own device, and then they have an unencumbered digital file which can be copied and distributed freely.

Applying DRM to kernels and applications rather than to media files is completely different. If someone wants to have an E2E encrypted conversation, not only do they have to have jailbroken their own device by extracting the secret keys from inside its processor (using an electron microscope, perhaps) but their conversation partner has to have done the same to their own device.

Even if a few brave and well-resourced journalists/lawyers/activists managed to do this among themselves, they would quickly be exposed by traffic analysis, allowing the government to simultaneously arrest all of them and use their devices as evidence.