Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.
Can someone please explain to me how the author might see this level of security as a bad thing?
By forcing the kernel to be untamperable, Microsoft can arbitrarily enforce ANY policy they choose on your PC. They could spy on every single piece of network communication. They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all. They actually could easily enforce laws on banned content too - any given website, book, audio or video could be impossible to consume, and an attempt to try could be reported to Microsoft. They could stream the contents of your display and mic and camera at any time to anyone they choose. There is literally nothing they cannot do with complete control over the kernel. And since the kernel and Windows itself is closed source, there are ways to hide all of it so you would never even know.
Security is great but it also goes hand-in-hand with control and surveillance. Every capability to increase security also increases the amount of control those providing the security have.
Particularly now that heterogeneous computing is making it big, video decoding can easily just be made not to work unless this tech stack okays it--regardless of the OS.
This chip could all out disable other operating systems if they don't provide the spyware telemetry that Microsoft requires.