Remote attestation is the true enemy of your freedom. The power of the authoritarian corporatocracy to force you to use only the (entire) systems they control. It's worth reading https://www.gnu.org/philosophy/right-to-read.en.html again just to see how prescient Stallman was.
"Validity" for a device can mean many things (latest patches, is running anti-virus software, among other things).
A general user probably doesn't need to attest to these things. I would argue that anyone trying to access a corporate or some other organization's network SHOULD be required to attest to these things given the cyber threat landscape. The caveat: those same entities should provide or heavily subsidize the platforms they require (work computers). It's their IP at risk. I'm not so naive to think they would actually do this with BYOD initiatives, unfortunately.
For personal users on personal devices, I agree this might go too far (but some principles like MFA are best practices).