The purpose depends entirely on who creates/vouches for the attestation key. If the attestation key can be generated by the owner and then loaded into the secure element, then the owner can prove to themselves that the system has not been tampered with. But they cannot prove to anybody else what code is running on the system, as the owner can use a copy of the attestation key outside of the secure element to sign whatever they like. This is a good thing.

If the attestation key has been created by Intel (or within the secure element and signed by Intel), then the system can verify to arbitrary parties that the owner has not "tampered" with their own system. This creates a security vulnerability, as now overly aggressive (aka hostile) parties can demand that the owner gives up control of their own system as a condition of interacting with them.

Given the extreme power imbalance in B2C relationships, if this vulnerability exists it will eventually be abused in lockstep. Remember the days of dual-booting Windows to run some proprietary crapware? Yeah, that again, but with websites. And you couldn't just run a headless second machine with VNC, or even use too old of a monitor, depending on the business whims of the proprietary OS!