
I can't even visualise how this would work in any meaningful way. You are going to have some software that "attests" that, say, the user is running an approved version of Chrome. But you couldn't just distribute such software everywhere, since I assume it would be trivial to extract any keys from it and then attest whatever you wanted. The site mentions "Google Play" as a possible attestor, so it would perhaps work on locked-down mobile devices, at best.


You can have the same cryptographic chain of trust on PCs with Secure Boot enabled. Essentially the attestation is a signed hash of the computing environment, with Microsoft as its root authority in the PC ecosystem. The kernel+boot environment is next, then the system software stack, and finally the executable image. This is exactly what is provided by the trusted execution environment on Android devices, and Google Play is just the trusted arbiter of the software signatures.
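Added example, not part of either comment above: a minimal sketch of the measured chain the reply describes, where each stage's hash is folded into a running register and the final value is bound to a verifier nonce. The stage images, `DEVICE_KEY`, and all function names are constructed for illustration, and HMAC stands in for the asymmetric signature a hardware root of trust would produce.

```python
import hashlib
import hmac

# Constructed sample stages, in the order the reply lists them.
GOOD_STAGES = [
    ("kernel+boot", b"constructed-boot-image-v1"),
    ("system-stack", b"constructed-system-image-v1"),
    ("executable", b"constructed-browser-image-v1"),
]
# Assumption: stand-in for a key that never leaves the hardware.
DEVICE_KEY = b"constructed-demo-key"


def measure_chain(stages):
    """Fold each stage's hash into a running register (extend-style)."""
    register = bytes(32)  # register starts at all zeros
    for _name, image in stages:
        digest = hashlib.sha256(image).digest()
        register = hashlib.sha256(register + digest).digest()
    return register


def make_quote(key, register, nonce):
    """Bind the final register to the verifier's fresh nonce."""
    return hmac.new(key, register + nonce, hashlib.sha256).digest()


def attest(stages, nonce, key=DEVICE_KEY):
    """Device side: measure what actually ran, then quote it."""
    register = measure_chain(stages)
    return register, make_quote(key, register, nonce)


def verify_quote(key, expected_stages, nonce, register, tag):
    """Verifier side: the tag must be valid for this nonce and the
    register must equal the one computed from the approved images."""
    good_tag = hmac.compare_digest(make_quote(key, register, nonce), tag)
    good_env = hmac.compare_digest(measure_chain(expected_stages), register)
    return good_tag and good_env
```

A change to any stage, or to the order of stages, yields a different final register, and a quote made for one nonce does not verify under another. The check is only as strong as the secrecy of `DEVICE_KEY`, which is why it is modelled here as hardware-held.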



