Isn't the point of those trusted environments is that they aren't supposed to be compromised by plugging something into the motherboard? So that you don't have to trust the server hosting company if you trust Intel and can verify that nothing from the hosting side is messing with your software at runtime
tl;dr: A rogue device plugged into a "trusted" motherboard makes it untrusted.
As the saying goes, "It rather involved being on the other side of this airtight hatchway."
Sigh.
Isn't the point of those trusted environments is that they aren't supposed to be compromised by plugging something into the motherboard? So that you don't have to trust the server hosting company if you trust Intel and can verify that nothing from the hosting side is messing with your software at runtime