> You can attest that cryptographic key material is safely stored without attesting that their operating system and software running on it is all government-approved.

There's no proper way of doing so on Android.

Some countries, like Estonia, are providing their own SIMs to solve this problem. That indeed works. Unfortunately phones are being made that are eSIM-only and certifying eSIMs to the same EAL level is near-impossible.