You can have the same cryptographic chain of trust on PCs with Secure Boot enabled. Essentially the attestation is a signed hash of the computing environment, with Microsoft as its root authority in the PC ecosystem. The kernel+boot environment is next, then the system software stack, and finally the executable image. This is exactly what is provided by the trusted execution environment on Android devices, and Google Play is just the trusted arbiter of the software signatures.