> I don't see any requirement to support hardware attestation in the recaptcha documentation, the Play Services seem to be "enough".

Doesn't Play Integrity use hardware attestation, but specifically checking the Google keys?

If you use the Play Services on GrapheneOS, you still don't pass Play Integrity because your system is signed by GrapheneOS and not by Google.