Remote key attestation and revoking trust

[freedge]

Sometimes backdoors are found in HSM products such as CVE-2015-5464 where privileged admins are able to extract keys. Those keys could have been previously "confirmed" with the "cmu getpkc" command.
It seems the keys originating from these HSM could be cloned into newer, not vulnerable HSM, but if at any point the key had been on a vulnerable HSM then it cannot be trusted.
Do you know how revocation is done on remote key attestations in such case? (also asking on ThalesGroup/luna-pkc-validator#1)

[vanbroup]

Key attestation is essentially a snapshot of specific attributes at a given point in time. These attributes can include firmware versions, timestamps, freshness nonces, and other relevant details. The exact attributes included in an attestation can vary, making standardization efforts crucial for consistency and reliability.

One such effort is the IETF draft on X.509-based attestation evidence, which aims to standardize how these attestations are structured and verified. This draft helps ensure that key attestations are trustworthy and interoperable across different systems and platforms.