Apple already shipped attestation on the web, and we barely noticed

Cannot attestation in Chrome be "fixed" by patching an attestation function so that it always returns true (even if there is an adblocker)?

Maybe initially (like Widevine L3). Then they'll expect your OS to attest the browser's integrity and your firmware to attest the OS's integrity.

That is not possible, because the User Agent (UA) does not return a simple boolean value to the endpoints that requests attestation.That endpoint requests a cryptographic proof that originates at a shared root of trust between that endpoint and the device you are using (which has an embedded secret that its user cannot extract, and which was blessed by this shared root of trust with a cryptographic signature at the device's factory). Being able to generate that proof will attest that your device, its operating system, the software it has installed, as well as the UA have all been deemed acceptable (i.e., cryptographically signed by something/someone that root of trust has extended its trust to) by the attestation arbiter - so probably either Apple, Google, or Microsoft.

I think most likely it will be something like private/public key challenge I don’t think you can just tweak it from your side, but I could be wrong.

First, there's nothing to patch as it would probably need a cryptographic challenge response flow and not a simple yes or no.

Even if there's a patch, it would be difficult because there are other pieces of attestation that are already in place all the way upto the browser.

You cannot patch executables because os can verify executables via code signing signatures.

You cannot "patch" important parts of your OS (outside any zero days) with secure boot enabled(they can reject user keys for attestation).

> You cannot "patch" important parts of your OS (outside any zero days)

So basically you just need to stop updating OS for 2 weeks and grab a fresh vulnerability to bypass attestation?