Yeah. Remote attestation, "certification" of devices in general, should be illegal. Anything short of that and computer freedom is lost, everything the word "hacker" stands for will be destroyed.

Is it so difficult to have a separate phone for gov & bank apps only?

We can't let Google get away with bundling their spyware in the name of security into a phone we must now have..

It's NOT ok that a government app (often practically mandatory) requires the user to accept some invasive ToS of a foreign corporation maintaining an illegal monopoly.

Requiring attestation doesn't mean Google spyware should be unremovable without breaking it, Google's business model should not be mandated by the law.

So is there anyone else out there attesting device firmware and ensuring they're secure?

Why must it be attested secure?

It's not a law to only trust Google's attestations.

It is however common practice. Why would corporations and governments trust our own keys, signatures and attestations? There's no reason for them to do that. They're going to restrict the set of trusted keys to themselves, thereby maintaining attestation authority.

That's how we'll be robbed of our computing freedom. Technically we'll be able to install whatever software we want but they'll be able to detect our "tampering" and discriminate against us based on it. "Tampered" with your computer? Can't access bank accounts, can't access communications applications, can't even play video games or watch films. One day even networking protocols will require corporate or government attestation. Won't even be able to connect to the internet without a corporate owned computer. Can't even read an article on some website.

We're going to be marginalized. We're going to be second class citizens of society. The only way to gain access to services is to give up control of our computers to the corporations and governments.

The problem is not that it's difficult, the problem is that it makes phones that are not locked against their users commercially dead - a money losing venture for any manufacturer. Because most people simply won't bother with two phones.

but what if,the two phones could be packed into one?

it would be a little thicker, you would need 2 of some components.

switch between phones like switching workspace?

Ha, a phone with a KVM (1) although without the K or M: https://en.wikipedia.org/wiki/KVM_switch

Or this 90's hardware oddity that combined Mac and PC: https://www.youtube.com/watch?v=a6b4lYOI0GQ (skip to 8:00 to see it in action).

I wonder if dual-booting is possible, with the boot-loader loading the bootloader that's been "blessed" by Google's certification priests to boot the "certified virginal" phone.

Difficult? Not at all, but it annoying at least.

Is it possible to spoof/emulate play pass integrity somehow?

No, not strong integrity, since that depends on hardware secure modules which attest that the software on the phone is signed by Google.