The same thing will happen that always happens... some TPM vendor that has millions upon millions of devices in the field will have their private signing key leaked. MS won't be able to cripple millions of machines. Bam, before you know it someone has a patch for QEMU to have it emulate a device with random identifiers signed using the leaked key.