Whoops.
novacustom Taking owner ship (also known as OEM factory reset)
I read over this at first, but realized this now when I looked at the picture. In my current understanding from this, the firmware will be flashed and then shipped to the user without any OEM ownership (setting non-default passwords, HOTP/TOTP, etc.), which has the effect of not having an established root of trust via strong (unique, random, high-entropy [~ >128 bits, but this is an arbitrary number and what I use, for instance a popular password manager KeepassXC uses 100 bits as excellent]) OEM passwords being applied and state being measured and sealed before shipping, and the firmware being in an unattested state upon receipt by the end user, upon which the end user factory resets the firmware in an unattested state. This as opposed to the OEM resetting the client and then shipping to the end user in an attested state (via strong passwords that are unknown to third parties and HOTP attesting to firmware integrity, which would prevent classes of firmware attacks by preventing tampering by any entity without knowledge of passwords from tampering).
Since text is often misinterpreted, I'd like to add that the wording used here is just to emphasize what I'm understanding this to mean, and to be very sure of what's being said to avoid misunderstanding--because what I had said regarding this here about reownership is very different from what I think the last reply is saying.
Edit: Clarifying "strong" OEM passwords