Where did you get the info from that the TPM is broken without Intel ME?
Heads relies on the OEM TPM for the measured boot. The Nitrokey is not a TPM replacement with Heads, but used to verify the firmware is unaltered between boots. And you can’t back it up, Heads generates the credentials on the Nitrokey but provides a secondary verification in case the key breaks.
Ok, well, since Intel Skylake the CPU have an internal TPM. So, if your Laptop is not older, it will appear once the Heads project manages to support the platform. If it is older, it must be a limitation with the coreboot build. Perhaps, the Dasharo tool can then even be used for flashing at that point. I faintly remember a youtube demo Dasharo posted where they software-flash a device from OEM to dasharo coreboot.
I wonder if the fact that you believe disabling the Intel ME would break the TPM, is not a confusion about TPM-physical device and an fTPM? The later is a flaky Wintel implementation of a TPM by software and it effectively runs inside the ME co-processor (meaning there is no real physical TPM hardware.) So in effect you cannot disable the ME if you want to run the fTMP scheme.
To my knowledge, having a TPM device (physical) works in all cases with the ME disabled via HAP strap, from architectures Skylake/Kabylake (6th and 7th gen) to Alderlake 12th gen. It even works perfectly well if the ME firmware was cleansed (not only disabled, but also neutralized using the me_cleaner project) - unfortunately this was only possible with firmware 11.x and previous versions of the calamitous ME implementation.