This makes sense for iPhones but if attestation is possible on macs, as I believe it is, as well does that not sidestep most of the “equivalent to jailbreak” requirements?
Macs have alternate mechanisms that achieve the same thing. SIP de-privileges the root user, the boot filesystems are cryptographically sealed, and the kernel will prevent apps tampering with each other to at least some extent.
So whilst you can "jailbreak" a Mac you can only do it by following Apple's procedures, which leaves a trace that can detected in the remote attestation. At least I assume that's what's going on from their docs.
So whilst you can "jailbreak" a Mac you can only do it by following Apple's procedures, which leaves a trace that can detected in the remote attestation. At least I assume that's what's going on from their docs.