
NekkoDroid

Karma: 684

Created: 2022-11-07

Recent Activity

  • I am p sure a lot of those that aren't for it aren't for it because of access to said ID is gated behind money (or unreasonably out of the way), which would need to be fixed first.

  • The earliest I know of coming is the SpaceMit K3, which Sipeed will have dev boards for.

  • Generally you'll have your drive only unlock against certain PCRs and their values. It depends on which PCRs you select and then how exactly they are measured.

    E.g. systemd measures basically everything that is part of the boot process (kernel, kernel cli, initrd, ...[1]) into different PCRs, so if any of those are different they result in different PCR values and won't unlock the boot device (depending on which PCRs you decided to encrypt against). I forgot what exactly it measures, but I remember that some PCRs also get measured during the switch_root operation from initrd -> rootfs which can be used to make something only unlock in the initrd.

    [1]: https://systemd.io/TPM2_PCR_MEASUREMENTS/

  • This doesn't work with secure boot and UKIs, since the entire "pre-rootfs switch" is signed in a single binary. If your threat model is what you have that is the least you should have.

  • If the other options would just straight up kill innocent bystanders (e.g. false positives for legit shops) I think that is a tradeoff I am willing to make.

HackerNews