Comment by PunchyHamster

I can see usefulness if the flow was "the device is unlocked by default, there are no keys/certs on it, and it can be reset to that state (for re-use purpose)"

Then the user can put their own key there (if say corporate policies demand it), but there is no 3rd party that can decide what the device can do.

But having 3rd party (and US one too!) that is root of all trust is a massive problem.