Basically, you build up a set of cryptographically verified computing primitived (like secure enclave) that are enforced by a hardware component with baked in from the manufacturer keys. Basically it's setting up an "owned by vendor computing channel" and baking it into the Silicon.
You won't get the chance to refuse this feature. There'll be too much money at stake for manufacturers to not retool for it. It'll be the only thing they make to sell, so take it or leave it chump.