I just learned that a new release of the decentralized, open source Android (and iOS, but that requires a centralized Apple service) key attestation library warden-supreme has landed. It explicitly supports alternative/custom roots of trust for the attestation chain now and comes with a test for @GrapheneOS keys: https://github.com/a-sit-plus/warden-supreme/blob/development/serverside/roboto/src/test/kotlin/GrapheneOsTests.kt

Nice! That's a good match to our academic research direction on digital identity (https://digidow.eu) - avoiding points of centralization for better resilience (against many types of threats). We'll most probably use this for our prototype Android apps that require or benefit from key attestation guarantees and can't/shouldn't use Play Integrity (e.g., because they only communicate over Tor hidden services with each other, and having a Warden backend included on one side is much easier than coming up with a form of mixnet proxy service for querying central instances while retaining an unlinkability guarantee).