Trusted Firmware-M provides an Initial Attestation Service that can be used to prove the identity of a device to a relying party as part of the Authentication process. Attestation Service provides a set of claims in a token and follows the [[ https://tools.ietf.org/html/draft-mandyam-eat-01 | Entity Attestation Token Specification ]] (EAT).. The token can be obtained from TF-M using a standardized PSA Developer API.
Design of Initial Attestation Service can be found [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/services/tfm_attestation_integration_guide.rst | here ]] and the implementation of the Service can be found [[ https://git.trustedfirmware.org/trusted-firmware-m.git/tree/secure_fw/services/initial_attestation | here ]]