
Android has a hardware attestation API that is compatible with GrapheneOS (if the app accepts GOS's keys), but nobody uses it. Everyone uses the Play Integrity API; GrapheneOS can't pass the "strong" (hardware-backed) level of Play Integrity, though it passes the weaker ones.


The Dutch electronic identification app, DigiD, uses the Android-native attestation API.

Also good to make a distinction between the different things you can do in an attestation procedure: bootloader/boot integrity checks, attest a specific key, and ID (IMEI, etc.) attestation.
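The three checks distinguished in the comment above, evaluated separately by a verifier over an already-parsed attestation record. This is an added example, not part of the thread: field names follow Android's key attestation `KeyDescription` schema, while the `evaluate` and `sample` helpers, the record dicts, key bytes, nonce and IMEI are constructed for illustration. It assumes the certificate chain was already validated up to a trusted attestation root.

```python
import hmac

VERIFIED, SELF_SIGNED, UNVERIFIED = 0, 1, 2   # verifiedBootState
SOFTWARE, TEE, STRONGBOX = 0, 1, 2            # attestationSecurityLevel

def evaluate(record, challenge, trusted_boot_keys, expected_imei=None):
    """Report key, boot and ID attestation results separately."""
    # Only hardware-enforced fields count; software-enforced ones are
    # asserted by the OS being judged.
    hw = record.get("hardwareEnforced", {})
    rot = hw.get("rootOfTrust") or {}

    # 1. Key attestation: key lives in TEE/StrongBox, nonce is ours.
    key_ok = (record.get("attestationSecurityLevel") in (TEE, STRONGBOX)
              and hmac.compare_digest(
                  record.get("attestationChallenge", b""), challenge))

    # 2. Boot integrity: locked bootloader and either an OEM-verified OS
    #    or a self-signed OS whose verified boot key we allow-list.
    state = rot.get("verifiedBootState")
    boot_ok = bool(rot.get("deviceLocked")) and (
        state == VERIFIED
        or (state == SELF_SIGNED
            and rot.get("verifiedBootKey") in trusted_boot_keys))

    # 3. ID attestation: optional; None means "not requested".
    id_ok = None
    if expected_imei is not None:
        id_ok = hw.get("attestationIdImei") == expected_imei
    return {"key": key_ok, "boot": boot_ok, "id": id_ok}

# Constructed sample data (not real keys, nonces or IMEIs).
CHALLENGE = b"constructed-nonce"
ALT_OS_KEY = b"\xaa" * 32
IMEI = b"000000000000000"

def sample(state, locked, boot_key, level=TEE, imei=None):
    hw = {"rootOfTrust": {"verifiedBootState": state,
                          "deviceLocked": locked,
                          "verifiedBootKey": boot_key}}
    if imei is not None:
        hw["attestationIdImei"] = imei
    return {"attestationSecurityLevel": level,
            "attestationChallenge": CHALLENGE,
            "hardwareEnforced": hw}

if __name__ == "__main__":
    for rec in (sample(VERIFIED, True, b"\x11" * 32, imei=IMEI),
                sample(SELF_SIGNED, True, ALT_OS_KEY),
                sample(UNVERIFIED, False, b"")):
        print(evaluate(rec, CHALLENGE, {ALT_OS_KEY}, expected_imei=IMEI))
```

A locked device running a self-signed OS passes the boot check only when its verified boot key is in the verifier's allow-list, which is the "if the app accepts the keys" condition raised earlier in the thread.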



