Not without exploits. This is a cryptographically signed chain of trust from hardware to booloader to kernel to the OS to Chrome. If any of these are tampered with the signature will not validate and they won't load. If you try to run an unsigned version the layer above you will refuse to sign the attestation. The only solution is finding exploits in the chain. If at any point you get unsigned code running or manage to get a signature outside of the signed environment then you can "spoof" the attestation. But while it is a big stack it is explicitly designed to prevent this exact issue, so it won't be easy and it will be quickly patched.
This is the same setup as SafetyNet on Android. SafetyNet can be worked around right now for "Basic Integrity" but this works by making your device claim to be an older device. Newer devices support hardware backed attestation for which there is no general work around. You can be sure that this proposal will be using hardware-backed attestation from the start.
This is the same setup as SafetyNet on Android. SafetyNet can be worked around right now for "Basic Integrity" but this works by making your device claim to be an older device. Newer devices support hardware backed attestation for which there is no general work around. You can be sure that this proposal will be using hardware-backed attestation from the start.