Even in that case, your computer is still an arbitrarily-programmable Turing machine; it contains this one hardwired + proprietary component that the remote end is looking to speak to, but that component isn't in control of the system; rather, it's controlled by the system. This just moves the job of deception one target over. Rather than just turning the logic sent by the remote end into a "brain in a vat" fed a false reality by your Cartesian https://en.wikipedia.org/wiki/Evil_demon of a custom OS, you also turn its local emissary, the DRM TPM chip, into another "brain in a vat" fed lies by an enclosing evil-demon hardware platform.

The only way this attack can even be avoided in principle is to restrict distribution of the DRM TPM chip — ala Nintendo's NES CIC lockout chip that never left Nintendo's hands except in the form of finished first-party-assembled game cartridges. But even that only prevents mass production and sale of devices that defeat your DRM; any sufficiently motivated attacker can still buy a legitimate device from you that includes the DRM TPM chip, rip the DRM TPM chip out, and feed it to their evil-demon hardware to enable it to faithfully attest a lie over the network.

In short: if this was truly a practical additional layer of defense, there'd be tons of use-cases for it — game consoles, set-top boxes, kiosk computing (e.g. ATMs), etc.

But you don't see anyone using DRM TPM chips for these systems, because it's not a practical additional layer of defense: such chips would increase BOM for these systems, while only defending against attacks that weaker defenses (namely software DRM, or programmable-firmware DRM like Intel SGX) already defend against; and while not doing anything more to stop the truly motivated attackers than current layers of defense already do — as your Netflix pirate media-scraping bots, your EVE Online gold-farming bots, etc. all have the monetary incentive and capital to invest to build exactly these evil-demon systems.