[worldsavior]

How can you know which CPU is running? Also, the software could easily change the output of the security chip (secure enclave is only on apple devices).

[kibwen]

Part of the attestation process involves receiving a cryptographic signature from the CPU vendor. They can only fake it if they break the cryptography. And enclaves (or "trusted execution environments") aren't only on Apple chips, AMD and Intel have their own implementations.

[worldsavior]

But the CPU is first sending the signature to the OS, thuse enabling the OS to send you something else.