I think the better regulation would be that it is illegal to sell hardware that includes embedded keys without making the secret key (or the private key if the embedded key is a public key) available to the legitimate owner, with no strings attached.
Hardware vendors could choose to, for example, make the keys available in printed form in an envelope that is difficult to open without breaking vendor-branded seals that are expensive to manufacture in small quantities, and warn consumers not to open them if they don't know what they're doing.
This would prevent its use to lock consumers out from installing their own software on their own hardware, while still making it useful for legitimate applications. Consumers could choose to securely destroy the key if they wanted (with the caveat they could then not on-sell the device).
Installing our own software is not the problem. Their ability to even know what software we're running is the problem. Web services should be required to work with anything that speaks their network protocol, not just a cryptographically blessed official app. That way we can adversarially interoperate with them.