Comment by charcircuit
4 hours ago
That attestation is for attesting you are using a TPM for user authentication. Which is different than attestation of integrity.
4 hours ago
That attestation is for attesting you are using a TPM for user authentication. Which is different than attestation of integrity.
They do have some kind of attestation mechanism to actually attest the device state: https://learn.microsoft.com/en-us/azure/attestation/tpm-atte...
It seems like the documentation for the feature is aimed entirely at MDM setups, though.
The basic API requirements are all there, and Windows 11 requires TPM 2.0, so I believe it should be possible for Google to build a Play Integrity equivalent around that.