You can have integrity checks that allow the user to choose which signing keys to trust. Some PCs with secure boot, and some phones such as Pixel devices support this. GrapheneOS uses it.

In those systems, it won't boot without a good signature, so the user is protected against attacks that break the user's chosen chain of trust.

Remote attestation of consumer devices, e.g. Safetynet is evil.