
> And they are implemented using all the evil things like Secure Boot, TPM, and Pluton.

There is nothing evil with TPM when you fully control it. See: Librem Key.



You either don't remember or weren't there when TPMs were first talked about; in either case I envy you then.

And yes, there's nothing evil involved if they are owner controlled, something that honestly was heavily pushed by Microsoft because they do have clients that insist on them. The DRM functionality in Intel ME has keys controlled by broadcasting associations instead (this is why you can't stream HQ on Linux from official sources), and the same is part of why AMD PSP got some uncontrolled bits (the blackmail goes that if you don't do that, customers will quickly find they can't stream Netflix/whatever in high quality on your hw and will stop buying it).

Personally I believe that owner-control of hw should be enshrined in law, just like right to repair and modify, along with laws against deceptive "looks and quacks like a sale, is actually a lease" practices.


> owner-control of hw should be enshrined in law

Have you seen OCP's Caliptra RoT, which requires OSS firmware, enforced by dual-signing of firmware by both OEM and owner? Currently for hyper-scalers, but this approach can be adopted by other enterprise customers, https://www.youtube.com/watch?v=p9PlCm4tLb8. Attestation will be done to Caliptra, which can then release SoC boot ROM from reset.
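The dual-signing requirement the comment describes, as an added Go illustration that is not Caliptra's code or its image format: a firmware image is accepted only when both the OEM signature and the owner signature over its digest verify, so neither party can load firmware unilaterally. The image layout, key names and payload are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FirmwareImage is a constructed stand-in: a payload plus two detached signatures.
type FirmwareImage struct {
	Payload, OEMSig, OwnerSig []byte
}

// DualSignPolicy holds the two trusted public keys; both must approve an image.
type DualSignPolicy struct {
	OEMKey, OwnerKey ed25519.PublicKey
}

var (
	ErrOEMSignature   = errors.New("OEM signature missing or invalid")
	ErrOwnerSignature = errors.New("owner signature missing or invalid")
)

// Sign produces both detached signatures over the SHA-256 digest of the payload.
func Sign(payload []byte, oem, owner ed25519.PrivateKey) FirmwareImage {
	d := sha256.Sum256(payload)
	return FirmwareImage{Payload: payload, OEMSig: ed25519.Sign(oem, d[:]), OwnerSig: ed25519.Sign(owner, d[:])}
}

// Verify returns nil only when both the OEM and the owner signature check out;
// a missing (nil) signature fails the same way as a forged one.
func (p DualSignPolicy) Verify(img FirmwareImage) error {
	d := sha256.Sum256(img.Payload)
	if !ed25519.Verify(p.OEMKey, d[:], img.OEMSig) {
		return ErrOEMSignature
	}
	if !ed25519.Verify(p.OwnerKey, d[:], img.OwnerSig) {
		return ErrOwnerSignature
	}
	return nil
}

func main() {
	oemPub, oemPriv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(nil)
	policy := DualSignPolicy{OEMKey: oemPub, OwnerKey: ownerPub}
	fw := []byte("constructed firmware image v1")
	fmt.Println("both signed:", policy.Verify(Sign(fw, oemPriv, ownerPriv)))
	oemOnly := Sign(fw, oemPriv, ownerPriv)
	oemOnly.OwnerSig = nil // vendor-only update without the owner's signature
	fmt.Println("OEM only:", policy.Verify(oemOnly))
}
```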





