Verified boot chains are one thing, but say you're a bank and you wish to reduce the rate of people falling victim to malware that uses kernel-level privileges to snoop out credentials. The user benefits (at least from your perspective as the bank) from being less impacted by fraud as the banking website will no longer even let the user enter their credentials.
Either you build a massive database of "known good" combinations of hardware, OS, kernel modules versions and corresponding TPM checksums, or you leave that job to a third party - and that is what remote attestation is at its core. Apple has it the easiest there, they control everything in the entire path, while Google has to deal with a myriad of device manufacturers.
Note I massively dislike the path that more and more applications take to restrict user freedom, but I do see why corporations find it appealing.
Either you build a massive database of "known good" combinations of hardware, OS, kernel modules versions and corresponding TPM checksums, or you leave that job to a third party - and that is what remote attestation is at its core. Apple has it the easiest there, they control everything in the entire path, while Google has to deal with a myriad of device manufacturers.
Note I massively dislike the path that more and more applications take to restrict user freedom, but I do see why corporations find it appealing.