Oh.. this sounds awfully familiar with the Apple Studio device not accepting "SSD" upgrades. Obv they also added a SSD controller inside the M1 chip, but if the (filesystem) encryption keys are stored *inside* the CPU package, then you'll almost likely need a software vulnerability to get them out. It depends if there a possibility to do so. I suppose the keys won't be system exposed, but you can only list, create and delete keys.
Sounds like a recipe for disaster for anyone doing data recovery, wants to swap out SSDs with other machines.. all the reasons why you wouldn't use disk encryption tied to a systems keys. And knowing Microsoft, I sincerely hope they play nice with OSS and help them with proper implementations for it.
In terms of BIOS I'm not sure how useful this is, because that's part of the chipset. If the remaining vulnerability is sniffing traces on the PCB, then I imagine that's a very limited attack vector that no one should be concerned about. So if TPM protects the BIOS firmware/rootkits, then that should be fine right?