Comment by jeroenhd
6 hours ago
Windows Hello offers an attestation API according to the releases I found, though because Microsoft has called at least four products "hello" now, I can't easily find the details. I don't think there's a technical reason why Google couldn't have released an app with a URL handler that uses that API except maybe for the Windows TPMs being less secure than mobile ones in general.
That attestation is for attesting you are using a TPM for user authentication. Which is different than attestation of integrity.
They do have some kind of attestation mechanism to actually attest the device state: https://learn.microsoft.com/en-us/azure/attestation/tpm-atte...
It seems like the documentation for the feature is aimed entirely at MDM setups, though.
The basic API requirements are all there, and Windows 11 requires TPM 2.0, so I believe it should be possible for Google to build a Play Integrity equivalent around that.