top | item 44372586

(no title)

>except for MDM devices where the MDM profile can allow attestation for RP domains on an opt-in basis.

And even then, the attestation you get in that scenario is just an attestation that the passkey was created on a managed device. It is not a hardware/device attestation.

discuss

lxgr|8 months ago

But only Apple devices can be managed, and presumably that’s in turn attested to by Apple cryptographic keys in hardware?