[kukrimate]

Is anyone here talking about survaillance??

That "attestation" in the full disk encryption case means your disk encryption key only being available to the operating system you chose to install. And disallowing the ability of a laptop thief to change that.

Or remote attestation can be used to restrict access to a corporate network to corporate controlled devices only. No one surveills you, or has access to your device in this scenario either, the TPM there is used to produce a certificate of the device state that can effectively act as access credentials to a resource.

This is about recognising the fact that the person in physical possession of a device isn't necessarily the legitimate owner.