It should be required from day one. This tying of specific user-environment software to hardware is a straightforward antitrust issue, and frankly should never have been allowed to fester as long as it has.
The industry should be made to move to security models that don't revolve around baking in manufacturer-privileged keys (verification or attestation). Internal groups developing any default user-environment software should have to stay at arm's length from the hardware team, and only be using published documentation.