Please read through https://attestation.app/about again but also check out the upstream documentation on key attestation and the Auditor protocol documentation linked from that page while going through it. There's likely already information there that's useful to you. I avoided trying to explain everything myself rather than delegating to existing documentation elsewhere like my protocol documentation in the app which shows the binary-level format of the attestation challenge and response.
Forgive me if this seems trivial to the security researchers out there, but I'm having a hard time wrapping my head around what having Remote Attestation actually does for the user, and what a user has to gain by setting this up for themselves by installing Auditor.
It provides you with hardware-verified information, and chains trust to the application which provides software-verified information. The whole point is that you are not trusting the OS or the user interface on the device to provide accurate information.