The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points by gjsman-1000 | 1 comment

mjg59 No.32240713
This is not a good article. At a technical level it's confused about a whole bunch of things:

* SMM has been part of x86 for decades. The Secured Core requirements around SMM actually reduce its power.

* The claimed requirement to remove the third party UEFI CA certificate from 2022 Secured Core PCs is entirely unrelated to Pluton (it's required regardless of whether Pluton is enabled or not, and even whether the CPU has Pluton or not)

* Most of the description of Pluton is actually a description of a TPM. You don't need DICE for remote attestation. TPMs are already a hardware keystore.

* System firmware is already being updated via Windows Update. The discussion about Pluton and Windows Update is around Pluton getting firmware updates that way (the existing story around firmware updates for TPMs is largely not good)

* Existing TPM-based remote attestation already includes the secure boot state

The short version: everything that the article is worried about being enabled by Pluton is already possible, and has been for years.

But there's a meaningful point here. Remote attestation can certainly be used to restrict access to resources in ways that are incompatible with general purpose computing, or which reduce user choice. Remote attestation can also be used to give end users confidence that their machine is in a good state without constraining what they do with it. As a technology, remote attestation can be used in both good and bad ways. We do need to keep track of whether anyone is threatening to use it in bad ways and react appropriately.

(But tbh remote attestation as an attack on general purpose computing isn't the really scary thing about widespread remote attestation. Remote attestation ties back to the TPM's endorsement key, an immutable cryptographic key certified by the TPM vendor at manufacturing time. The straightforward implementation of allowing arbitrary remote sites to trigger remote attestation would tie all of these accesses back to a single piece of hardware, and would be a privacy nightmare.)

replies(4): >>32240944 #>>32242883 #>>32245326 #>>32253456 #
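The two claims in the comment above, that existing TPM-based attestation already carries the Secure Boot state and that a fixed endorsement-key-bound identity makes every attestation linkable across sites, can be shown with a small model. This is an added example, not code from the thread or from any TPM stack: SHA-256 PCR extends stand in for the TPM's PCR bank, an HMAC under a per-device key stands in for the asymmetric quote signature (so the verifier is handed the same key, where a real verifier would hold the certified public key), and the boot event logs are constructed placeholders.

```python
"""Toy model of TPM-style remote attestation (added example, not from the thread).

Assumptions: a SHA-256 PCR bank, HMAC-SHA256 in place of the TPM's asymmetric
quote signature, and a fixed per-device key in place of the endorsement-key
certified identity. The protocol shape is modelled, not a real TPM interface.
"""
import hashlib
import hmac
import secrets

PCR_INIT = b"\x00" * 32  # a SHA-256 PCR bank starts at all zeros


def pcr_extend(pcr: bytes, event: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(event)).
    Order matters and nothing can be reset, so the final value
    summarises the whole boot chain."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def measure_boot(events) -> bytes:
    pcr = PCR_INIT
    for ev in events:
        pcr = pcr_extend(pcr, ev)
    return pcr


# Constructed event logs (placeholders, not real firmware measurements).
# The Secure Boot state is one of the measured events, so turning it off
# changes the PCR even if every other component is identical.
GOOD_BOOT = [b"SecureBoot=1", b"db=<vendor-ca-placeholder>", b"bootloader=<hash-placeholder>"]
SECUREBOOT_OFF = [b"SecureBoot=0", b"db=<vendor-ca-placeholder>", b"bootloader=<hash-placeholder>"]


class Device:
    """One machine with a fixed manufacturing-time identity key (stand-in for
    the EK-certified attestation key). HMAC replaces the real signature."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.signer_id = hashlib.sha256(self.key).hexdigest()[:16]

    def quote(self, pcr: bytes, nonce: bytes) -> dict:
        # A quote binds the verifier's nonce to the current PCR value.
        msg = self.signer_id.encode() + nonce + pcr
        return {"signer_id": self.signer_id, "nonce": nonce, "pcr": pcr,
                "sig": hmac.new(self.key, msg, hashlib.sha256).digest()}


def verify_quote(quote: dict, key: bytes, nonce: bytes, golden_pcr: bytes) -> bool:
    """Relying-party check: fresh nonce, valid signature, PCR matches policy."""
    if quote["nonce"] != nonce:
        return False  # stale or replayed quote
    msg = quote["signer_id"].encode() + quote["nonce"] + quote["pcr"]
    if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), quote["sig"]):
        return False
    return hmac.compare_digest(quote["pcr"], golden_pcr)


def linkable(quotes) -> bool:
    """True when every quote carries the same signer identity, i.e. unrelated
    relying parties could correlate them to one piece of hardware."""
    return len({q["signer_id"] for q in quotes}) == 1


def run_demo() -> dict:
    dev = Device()
    golden = measure_boot(GOOD_BOOT)  # verifier's known-good policy value

    n1 = secrets.token_bytes(16)
    good = verify_quote(dev.quote(measure_boot(GOOD_BOOT), n1), dev.key, n1, golden)

    n2 = secrets.token_bytes(16)
    sb_off = verify_quote(dev.quote(measure_boot(SECUREBOOT_OFF), n2), dev.key, n2, golden)

    n3 = secrets.token_bytes(16)
    replayed = verify_quote(dev.quote(golden, n1), dev.key, n3, golden)  # old nonce

    # Two unrelated sites each request a quote; the signer identity is identical.
    site_a = dev.quote(golden, secrets.token_bytes(16))
    site_b = dev.quote(golden, secrets.token_bytes(16))

    return {"good_accepted": good,
            "secureboot_off_accepted": sb_off,
            "replay_accepted": replayed,
            "cross_site_linkable": linkable([site_a, site_b])}


if __name__ == "__main__":
    print(run_demo())
```

The first three results show the verifier side: a matching boot accepted, a boot with Secure Boot disabled rejected because its PCR differs, and a reused nonce rejected. The last result is the privacy point: because the same identity signs every quote, two sites that never talk to each other can still tell they were attested by the same machine.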
gjvnq No.32253456
TPMs were often separate chips, so you could just eavesdrop on a few pins and with that you could pretend that you are running an OS you are not.