No, you can just make a system secure without requiring attestation and stuff like that.

I don't believe in remote attestation anyway. It didn't even say the service is secure. It just proves it's as released by Google. But security doesn't have to rely on a big brother checking things for you. You can have security without it.