by teaearlgraycold 1034 days ago
IIRC, when your phone requests the attestation cert from Google, it uploads its DICE chain. Then Google verifies the chain and gives you a 30-day cert (with a chain starting from a Google root, then an intermediary, then your leaf).

You might be able to see some custom Google extensions on the X.509 cert which will have some extra info. But that might get stripped when the cert is shown to an app.

I don’t remember all of the details. I worked on the infrastructure for the key acquisition but most of it was already set up when I joined and I was only on the team for a few months.