I fear services will force the use of certain devices, like those on the FIDO certified products list [0]. Will there be a way to use open hardware, open firmware, and user-controlled hardware attestation keys? Or will that be considered a fraud/bot risk?

[0] https://fidoalliance.org/certification/fido-certified-produc...