We never had one on desktop; no real issues. Hardware attestation is primarily in the interest of the vendor, not the user. The user relies on chains of trust. This is how the world works.
This is because of legacy. And even now lots of people assemble and build PCs.
My worry is that one fine day Microsoft, Samsung, Apple, and Google (and the rest of the SV media companies like Netflix, etc.) will join hands in bringing security and force a ChromeOS or macOS type: totally "we decide everything for you."
But that's exactly why I advocate that the hardware attestation module be separate from the computing device - so I can be in control of what and when I attest, not the vendor.
Can you elaborate? Say I buy parts myself and install a fully FOSS OS on my machine. Let's say I want to access my bank, and they demand attestation. You propose I'd buy an off-the-shelf, universal attestation module of my choosing (free market). But how would that work from an implementation standpoint? How would the module help put e.g. my bank at ease?
Those actually exist. Yubikeys, Nitrokeys (complete FOSS FW) or bank-approved code generators (For Germany these exist: https://www.reiner-sct.com/tan-generatoren/) are basically that. They provide independent assessment. So regardless of the OS or the browser both parties can make secure transactions.
Ah, so the computer doesn't need to be trusted at all, it's just an untrusted medium, just like when using encryption when sending data. All the trust would be at the vendor and inside the external hardware device.
With bank key generators, yes, you are correct. With Yubikey and Nitrokey, their logic is standardized. With Yubikey you trust that their implementation is good just like Windows or Mac users trust their OS to implement cryptographic algorithms/TLS correctly (or via external company certifications, if any).
With Nitrokey's open source firmware plus quite a bit of CS education (specializing in cryptography) you can check whether their implementation quality is good. However, that is a lot of effort which will probably result in also requiring a third party certification.
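The "untrusted medium" point made in the thread above, as an added example that is not part of any comment and is not the actual algorithm of a TAN generator, Yubikey or Nitrokey: a simplified model in which an external device binds a code to the transaction the user confirmed, so a change made on the PC is rejected by the bank. The shared key, the HMAC construction, the field names and the account strings are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; assumed to be provisioned into the device by the bank.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def _canonical(tx, nonce):
    # Length-prefix every field so field boundaries cannot be shifted.
    parts = [tx["payee"].encode(), tx["amount"].encode(), nonce]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def device_tan(key, tx, nonce):
    """Runs on the external device, over the details shown on its own display."""
    mac = hmac.new(key, _canonical(tx, nonce), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"  # 8-digit code


def bank_verify(key, tx_received, nonce, tan):
    """Runs at the bank, over the transaction as it arrived from the PC."""
    expected = device_tan(key, tx_received, nonce)
    return hmac.compare_digest(expected, tan)


def simulate(host_tampers, nonce=None):
    """Return True if the bank accepts the transaction forwarded by the PC."""
    nonce = nonce or secrets.token_bytes(16)  # bank's per-transaction challenge
    confirmed = {"payee": "DE00-EXAMPLE-0001", "amount": "25.00"}  # constructed
    tan = device_tan(DEVICE_KEY, confirmed, nonce)
    submitted = dict(confirmed)  # what the untrusted PC actually forwards
    if host_tampers:
        submitted["payee"] = "DE00-EXAMPLE-9999"  # constructed altered payee
    return bank_verify(DEVICE_KEY, submitted, nonce, tan)


if __name__ == "__main__":
    print("honest host accepted:  ", simulate(False))
    print("tampering host accepted:", simulate(True))
```

The PC never holds the key, so it can relay or drop the code but cannot produce a valid one for different transaction details.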