by mmis1000 928 days ago
A TPM does not get its key from nowhere. The key needs to come from the network or be generated locally, as long as it is not preloaded during manufacturing. And either way, it should be possible to intercept/fake it.
2 comments

Apple devices with a secure enclave have the ability to attest to their identity, and also attest that keys were generated on a secure enclave (this functionality is very locked down for privacy preservation purposes, but is certainly available to Apple). If Apple is willing to lock out any device shipped without a secure enclave (which would probably be an excessive number of Macs at the moment - the iMac only started shipping with a T2 in the 2020 model, although the iMac Pro did have a T1 earlier than that) then it's absolutely possible to restrict access to actual Apple hardware with no risk of key interception.
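The attestation flow the comment above describes, modeled as an added example (not code from this thread, from Apple, or from any TPM vendor): a manufacturer root endorses a per-device identity key at manufacture time; later the device generates a fresh key and signs it, together with a nonce from the relying party, using that identity key; the relying party checks that the identity key chains to the manufacturer root and that the new key was signed by it over the nonce it issued. A second device whose identity key is only self-endorsed (the "generated locally or fetched over the network" case) fails the check. The names `Manufacturer`, `Device`, `Attestation` and `Verify`, and the use of Ed25519 in place of a real enclave or TPM key hierarchy, are this example's own assumptions; all keys and nonces are generated inline, so it runs offline.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Manufacturer holds the root key that endorses device identity keys at
// manufacture time; its public key is all a relying party needs to trust.
// (Assumed model for this example; real vendors use an X.509 hierarchy.)
type Manufacturer struct{ root ed25519.PrivateKey }

// Device models an enclave-backed device: an identity key created at
// manufacture plus the endorsement (a signature) over its public half.
type Device struct {
	identity     ed25519.PrivateKey
	identityCert []byte
}

// Attestation is what the device presents: a freshly generated public key,
// the relying party's nonce, and the identity key's signature binding them.
type Attestation struct {
	IdentityPub, KeyPub             ed25519.PublicKey
	IdentityCert, Nonce, Signature []byte
}

func NewManufacturer() (*Manufacturer, error) {
	_, root, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Manufacturer{root: root}, nil
}

func (m *Manufacturer) PublicKey() ed25519.PublicKey { return m.root.Public().(ed25519.PublicKey) }

// Provision creates a device whose identity key is endorsed by the
// manufacturer root: the "preloaded when manufacturing" case.
func (m *Manufacturer) Provision() (*Device, error) { return provision(m.root) }

// NewRogueDevice creates a device whose identity key is endorsed only by
// itself: a key generated locally or fetched over the network, which nothing
// ties to genuine hardware.
func NewRogueDevice() (*Device, error) { return provision(nil) }

func provision(endorser ed25519.PrivateKey) (*Device, error) {
	pub, id, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	if endorser == nil {
		endorser = id // self-signed endorsement
	}
	return &Device{identity: id, identityCert: ed25519.Sign(endorser, pub)}, nil
}

// attestMessage length-prefixes the key so key||nonce cannot be re-split.
func attestMessage(keyPub ed25519.PublicKey, nonce []byte) []byte {
	msg := make([]byte, 4, 4+len(keyPub)+len(nonce))
	binary.BigEndian.PutUint32(msg, uint32(len(keyPub)))
	return append(append(msg, keyPub...), nonce...)
}

// Attest generates a new key "inside the enclave" and has the identity key
// vouch that it was made there, bound to the relying party's nonce.
func (d *Device) Attest(nonce []byte) (*Attestation, ed25519.PrivateKey, error) {
	keyPub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Attestation{
		IdentityPub:  d.identity.Public().(ed25519.PublicKey),
		IdentityCert: d.identityCert,
		KeyPub:       keyPub,
		Nonce:        nonce,
		Signature:    ed25519.Sign(d.identity, attestMessage(keyPub, nonce)),
	}, key, nil
}

// Verify is the relying party's check: the identity key must chain to the
// manufacturer root, and the new key must be signed by that identity key
// over the nonce this verifier issued, so an old attestation cannot be replayed.
func Verify(root ed25519.PublicKey, nonce []byte, a *Attestation) error {
	if !bytes.Equal(nonce, a.Nonce) {
		return errors.New("nonce mismatch: possible replay")
	}
	if !ed25519.Verify(root, a.IdentityPub, a.IdentityCert) {
		return errors.New("identity key not endorsed by manufacturer")
	}
	if !ed25519.Verify(a.IdentityPub, attestMessage(a.KeyPub, a.Nonce), a.Signature) {
		return errors.New("key was not generated on the attested device")
	}
	return nil
}
```

Usage: `Verify(m.PublicKey(), nonce, att)` returns nil for an attestation from a device `m.Provision()` created and an error for one from `NewRogueDevice()`, since the rogue device's endorsement does not verify under the manufacturer root. The nonce check is what makes the "no risk of key interception" claim hold in practice: an attacker who captures a valid attestation cannot replay it against a fresh challenge, and without the identity private key (which never leaves the enclave) cannot produce a new one.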
> as long as it is not preloaded when manufacturing

which is exactly what happens