You can't patch that out when it comes to hardware attestation. The entire bootchain is authenticated and you can't spoof it because the authentication mechanism and private key are is in the on-silicon enclave. Anything that's not authorized will fail attestation. You can't patch it out because it's an allowlist. Anything less than official signed boot + OS + apps + configuration + known good hardware private key will fail.
It's about as easy as it would be for an ISP to inject code into an HTTPS page.
The only reason anything works is because Google attestation servers still return a green light for evaluationType=BASIC. Once old devices become rare enough they'll only return a positive attestation for evaluationType=HARDWARE_BACKED.
Go find try and find a single instance of anyone achieving HARDWARE_BACKED with less than a fully stock device.
They are none. No amount of Magisk magic will make it work because it's all taken out of software's hands. Bypasses at that point look like electron microscopes and micro-electronics cleanrooms.
It's about as easy as it would be for an ISP to inject code into an HTTPS page.
The only reason anything works is because Google attestation servers still return a green light for evaluationType=BASIC. Once old devices become rare enough they'll only return a positive attestation for evaluationType=HARDWARE_BACKED.
Go find try and find a single instance of anyone achieving HARDWARE_BACKED with less than a fully stock device.
They are none. No amount of Magisk magic will make it work because it's all taken out of software's hands. Bypasses at that point look like electron microscopes and micro-electronics cleanrooms.