The challenge includes the origin and all communication is protected by TLS. I don't know what happens if you add extra trusted root certificates to do MITM attacks, but in principle nothing stops the root store being a part of the remote attestation.