The TPM does the attestation of the entire running environment, starting with firmware, through the OS, through the browser all the way down to the website.
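The chain the comment describes is what TPM measured boot gives a verifier: each stage is hashed into a PCR before the next stage runs, so the final PCR value commits to the whole sequence, and a verifier that replays the event log can tell exactly which link changed. The following is an added example, not code from the original post or from any TPM library; it simulates the PCR extend operation in software (real TPMs sign the PCR value in a quote with an attestation key, which is not modelled here), and the stage names and the "golden" expected value are constructed stand-ins for hashes of real firmware, OS, browser and site artefacts.

```python
import hashlib

# Constructed measurements for the stages named in the comment. In a real
# system each entry would be the hash of the actual firmware image, kernel,
# browser binary or site content; here they are labels.
STAGES = ["firmware-v1", "os-kernel-6.1", "browser-120", "site:example.com"]


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new_pcr = SHA-256(old_pcr || SHA-256(measurement)).

    Extend is one-way and order-sensitive: a stage cannot be un-measured,
    and measuring the same stages in a different order gives a different PCR.
    """
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(stages):
    """Attester side: start from a zeroed PCR, extend each stage in order.

    Returns the final PCR and an event log of (stage name, measurement digest),
    which is what an attester would send alongside the signed quote.
    """
    pcr = bytes(32)
    log = []
    for name in stages:
        pcr = extend(pcr, name.encode())
        log.append((name, hashlib.sha256(name.encode()).hexdigest()))
    return pcr, log


def replay_log(log):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(32)
    for _, digest_hex in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def verify(quoted_pcr, log, golden_pcr):
    """Return (log_consistent_with_quote, quote_matches_golden_value).

    The first flag catches a log that does not explain the quoted PCR (a forged
    or edited log); the second catches a chain where some stage differs from
    the known-good reference, without yet saying which one.
    """
    return replay_log(log) == quoted_pcr, quoted_pcr == golden_pcr


def first_divergent_stage(log, golden_log):
    """Name the first stage whose measurement differs from the reference log."""
    for (name, digest), (_, golden_digest) in zip(log, golden_log):
        if digest != golden_digest:
            return name
    return None


def demo():
    """Run the honest chain, a chain with a modified OS, and a forged log."""
    golden_pcr, golden_log = measure_chain(STAGES)

    # Same firmware, browser and site, but a different OS image.
    modified = STAGES.copy()
    modified[1] = "os-kernel-6.1-modified"
    mod_pcr, mod_log = measure_chain(modified)

    # A log edited after the fact: the OS entry reuses the firmware digest,
    # so replaying it no longer reproduces the quoted PCR.
    forged_log = list(golden_log)
    forged_log[1] = (golden_log[1][0], golden_log[0][1])

    return {
        "honest": verify(golden_pcr, golden_log, golden_pcr),
        "modified_os": verify(mod_pcr, mod_log, golden_pcr),
        "modified_stage": first_divergent_stage(mod_log, golden_log),
        "forged_log": verify(golden_pcr, forged_log, golden_pcr),
        "order_matters": measure_chain(list(reversed(STAGES)))[0] != golden_pcr,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The verifier never trusts the event log on its own: it only trusts the PCR value the TPM signed, and uses the log to explain that value. That is why `verify` reports two separate results, and why a modified OS shows up as a consistent log that simply does not match the golden reference, while an edited log shows up as inconsistent with the quote.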