@blakeyrat @chiraag @rcombs
There is a prototype implementation for chromium (https://rupertbenwiser.github.io/Web-Environment-Integrity/), but it is largely incomplete with a lot of info marked as TODO. However it does at least confirm much of what I've said - client side code communicates with a centralized attester that verifies the validity of the client. If the attester (Google) doesn't like the client or it's settings you must change them, thus Google now decides what you can and cannot do with your hardware.