I think there are two fights that are both worth fighting:
1. Completely outlawing remote attestation.
2. In a world where remote attestation is given, let it be controlled in a fair way and not just by Google and Apple.
The risk is that only fighting for (1) leaves you in a world with remote attestation, where only Google and Apple can decide who gets to pass and who not. In fact, that is pretty much the world we are in already.
I agree that they are both worth fighting for, but I think (2) is much easier to accomplish, simply because Play Integrity is probably a DMA violation. (IANAL blah blah)
Allowlisting GrapheneOS's AVB keys does not meaningfully achieve 2, see https://news.ycombinator.com/item?id=48732675
It would be a win for GrapheneOS users though, so I hope they do get support.
Why is attestation always bad, all the time? When two people interact there’s a trust/risk calculation on both sides. Isn’t attestation just a means of reducing risk for both parties? (We can debate who should control the attestation process and how it should work but your point 1 suggests that there is never a good form of attestation.) What would we do instead?
Implementing #2 would be as simple as declaring that hardware vendors that issue attestation roots may not pre-install operating systems on them, nor make exclusivity or unfair pricing agreements that advantage or disadvantage other businesses unevenly; and must provide a way for consumers to replace at will the operating system preinstalled by those third parties with one of their own choosing. If the EU has technical competence then they’ll work their way around to this realization and absolutely shatter the Apple/Google monopolies in a single edict, since those EU-sold devices will then be repurposeable worldwide (with valid attestation chains to the replacement OSes, if they choose to implement them). One can dream.