My understanding is that there is something like a system call that a program can use to query the TPM for the current system state. The TPM will then reply with some sort of hash representing the state and also a signature for that hash using a private key stored inside the TPM.
The program (i.e. the netflix app or a browser) can then pass on that data structure to netflix' servers, which will then decide if they permit 4K content or not.
To circumvent this, you'd have to know two things:
1) what kind of hash for a "non-rooted" system netflix is expecting in the first place.
2) the private key to sign the hash with.
To get the former, you'd have to eavesdrop on a connection on a non-rooted device. To get the letter you'd have to extract the key from a TPM, which is likely specifically built to make this hard.
The program (i.e. the netflix app or a browser) can then pass on that data structure to netflix' servers, which will then decide if they permit 4K content or not.
To circumvent this, you'd have to know two things:
1) what kind of hash for a "non-rooted" system netflix is expecting in the first place.
2) the private key to sign the hash with.
To get the former, you'd have to eavesdrop on a connection on a non-rooted device. To get the letter you'd have to extract the key from a TPM, which is likely specifically built to make this hard.