Their security model requires remote attestation. So, open, user-controlled platforms cannot be used. Of course some other future locked-down linux-based OS might be usable.

Remote attestation in theory includes all aosp-compliant attestation implementations (in practice that's GrapheneOS already), but the current project plans and implementation openly reject it.