My French ID card has the features, but also the French digital ID app also requires Play Integrity...
replyHow can you have a secure enclave without hardware attestation? Processor root-key is the source for all.
replySmartcards have attestation too.
replyBut how can you verify that the processor's own software, which ultimately runs the application, has not been compromised?
replyThe software running on the smartcard? You write that yourself, and hopefully your security processes are good. The nice thing about smartcards is that the trusted computing base is massively smaller than that of a regular operating system.
replyIf you disallow installing applications post-issuance (which is probably a good idea for ID cards), you don't even have to worry about VM runtime integrity either, as there will be only your application running on the card.