ppuIndd's comments

The problem with checking version.bind is that SOP for configuring BIND securely has been to disable or spoof it for some time now.


Yes, that is a problem. 'Hardened' configurations cannot be checked. But there are a lot of non-hardened configurations. Actually there are more that return their version than not.


Free Wi-Fi*

* just friend my business on Facebook


A hotel already asked me to do this once (although they had to manually verify that I friended)


Let's assume that they have somehow secretly shipped this "secure enclave" with all machines that will support Win10, and that they have h4xXx0r proof-ed the code to make it impossible to RE the code and implement the protocol directly, presumably we'll still be able to emulate Win10 and have a virtual NIC which spits out the key when it's handed off to it.


You won't be able to emulate the secure enclave, no. That'd sort of defeat the entire point.

It is supposed to be impossible to RE the code for anything useful - the keys are encrypted using the public key of the secure enclave. You'd need to break the chip itself to win, and since Intel knows this, we can assume they'll make it incredibly hard.

Of course, since MS wants this to work on current hardware, not "shipping sometime in the future", we can assume they aren't using Intel SGX. But in theory it's fairly strong DRM.

https://software.intel.com/en-us/blogs/2013/09/26/protecting...


> Microsoft claims users will not be able to find the password and that users will only be able to access the Internet, but that assumes there are no security holes.

You don't even need a "security hole": the machine needs to know the key to connect. From there, it's your machine -- you will be able to read it out of memory. Now, this is probably out of reach for most "average users", but for even a moderately capable attacker it provides little protection (and tools automating this will likely become available).

At best, if the Wifi network is using a passphrase it'll only send you the key (which is calculated by applying the PBKDF2-HMAC-SHA1 function to the passphrase using the SSID as a salt for 4,096 iterations), but this still lets the user get on the network and decrypt traffic.

