They’ll just focus on baking obscure side channel attacks into firmware wherever they can. Consumer devices also leak a ton of EM energy, and there have been a bunch of “proof of concepts” at deriving device state remotely by observing such energy. I’d be pretty surprised if the right folks can’t read private keys being loaded into cache under the right circumstances already.
In a way it’s kind of a poetic compromise. They can’t do mass surveillance like they want, but they can still “tap” devices via physical access, preferably with a healthy dose of due process.