What about for software implementations like 1Password and Bitwarden?
They can't fake the attestation from hardware implementations so you could just reject keys from software implementations.
alt Hacker News
They can't fake the attestation from hardware implementations so you could just reject keys from software implementations.