My bank has always had hardware attestation, but it was their hardware that was being attested. Customers get it loaned when signing up.

I have no problem with a device that they trust being used for transaction approval, but that device shouldn't also be the device I use for my daily life and do all sorts of private things on. We should want to be able to inspect that one.

I agree completely, except looking at my 2FA app I'd need 20 physical tokens, so we actually need a super-duper-YubiKey.

Yeah, I should have pursued the idea ten years ago of making a usable 2FA hardware device (that confirms what you're authenticating and an attacker can't simply pull auth codes for whatever they want).

Still, I'm plenty okay with my phone as a second factor for my laptop and vice versa for nearly all services. The rest is about tying things to a government identity (bank cares only if it's me who's authorising the transaction; government cares only if it's me who's requesting a student loan) and can be done with the chip that's already in my identity document and a single 20€ NFC chip reader or by using a phone as an NFC reader.