diff --git a/src/main/kotlin/testing/KeyAttestationCertFactory.kt b/src/main/kotlin/testing/KeyAttestationCertFactory.kt
index 41b3c74..74926d4 100644
--- a/src/main/kotlin/testing/KeyAttestationCertFactory.kt
+++ b/src/main/kotlin/testing/KeyAttestationCertFactory.kt
@@ -45,7 +45,11 @@ import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder
 import org.bouncycastle.operator.ContentSigner
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
-internal class KeyAttestationCertFactory(val fakeCalendar: FakeCalendar = FakeCalendar.DEFAULT) {
+internal class KeyAttestationCertFactory(
+ val fakeCalendar: FakeCalendar = FakeCalendar.DEFAULT,
+ val hardodedRootKey: KeyPair? = null,
+ val hardcodedRoot: X509Certificate? = null,
+) {
 private val ecKeyPairGenerator =
 KeyPairGenerator.getInstance("EC").apply {
 initialize(ECGenParameterSpec("secp256r1"), FakeSecureRandom())
@@ -60,13 +64,13 @@ internal class KeyAttestationCertFactory(val fakeCalendar: FakeCalendar = FakeCa
 internal fun generateRsaKeyPair() = rsaKeyPairGenerator.generateKeyPair()
- val rootKey = ecKeyPairGenerator.generateKeyPair()
+ val rootKey = hardodedRootKey ?: ecKeyPairGenerator.generateKeyPair()
 val intermediateKey = ecKeyPairGenerator.generateKeyPair()
 val rkpKey = ecKeyPairGenerator.generateKeyPair()
 val attestationKey = ecKeyPairGenerator.generateKeyPair()
 val leafKey: KeyPair = ecKeyPairGenerator.generateKeyPair()
- val root: X509Certificate = generateRootCertificate()
+ val root: X509Certificate = hardcodedRoot ?: generateRootCertificate()
 val factoryIntermediate = generateIntermediateCertificate()
 val remoteIntermediate = generateIntermediateCertificate(subject = REMOTE_INTERMEDIATE_SUBJECT)
 val rkpIntermediate =
diff --git a/src/main/kotlin/testing/KeyAttestationCertPathFactory.kt b/src/main/kotlin/testing/KeyAttestationCertPathFactory.kt
index a6f3f5a..7a3a329 100644
--- a/src/main/kotlin/testing/KeyAttestationCertPathFactory.kt
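Review bot: The new constructor parameter is spelled `hardodedRootKey` (missing "c"), while its sibling is `hardcodedRoot` and KeyAttestationCertPathFactory in this same commit names the matching parameter `hardcodedRootKey`. Rename it to `val hardcodedRootKey: KeyPair? = null,` here and at its use in the `rootKey` initializer in the next hunk; the call added in KeyAttestationCertPathFactory is positional, so the mismatch does not surface there. Neither new parameter is documented, and a short KDoc stating that the two describe one externally supplied root and are meant to be passed as a pair would help the next reader.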
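Review bot: Nothing ties the supplied key to the supplied certificate: `rootKey` and `root` each fall back independently, so passing only one of the two, or a certificate issued for a different key, yields a `root` whose public key is not the one in `rootKey`. The certificates that chain to the root are built outside this hunk, presumably signed with `rootKey`, so such a chain would fail validation far from the cause. An `init` block directly after `val root` could reject this early with `require((hardodedRootKey == null) == (hardcodedRoot == null)) { "root key and root certificate must be supplied together" }` and `require(root.publicKey.encoded.contentEquals(rootKey.public.encoded)) { "root certificate does not match root key" }`.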
+++ b/src/main/kotlin/testing/KeyAttestationCertPathFactory.kt
@@ -20,16 +20,24 @@ import com.android.keyattestation.verifier.KeyDescription
 import com.android.keyattestation.verifier.SecurityLevel
 import com.android.keyattestation.verifier.provider.KeyAttestationCertPath
 import java.math.BigInteger
+import java.security.KeyPair
 import java.security.PublicKey
+import java.security.cert.X509Certificate
 /**
 * Factory for creating valid [KeyAttestationCertPath] chains for testing.
 *
 * @param fakeCalendar the fake calendar for the certificate chains validity period.
 */
-class KeyAttestationCertPathFactory(val fakeCalendar: FakeCalendar = FakeCalendar()) {
+class KeyAttestationCertPathFactory
+@JvmOverloads
+constructor(
+ val fakeCalendar: FakeCalendar = FakeCalendar(),
+ val hardcodedRootKey: KeyPair? = null,
+ val hardcodedRoot: X509Certificate? = null,
+) {
 private val certFactory: KeyAttestationCertFactory =
- KeyAttestationCertFactory(fakeCalendar = fakeCalendar)
+ KeyAttestationCertFactory(fakeCalendar, hardcodedRootKey, hardcodedRoot)
 /* The root certificate of all generated certificate chains. */
 val root = certFactory.root
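Review bot: The KDoc above the constructor still documents only `fakeCalendar`, although this public class now accepts a root private key and a root certificate. Add `@param hardcodedRootKey key pair of a fixed, test-only root; pass together with [hardcodedRoot]` and `@param hardcodedRoot certificate for that key pair, used as the root of every generated chain`, and state that a root supplied here must never be part of a production trust-anchor set, because its private key is held by test code. `@JvmOverloads` also generates a `(FakeCalendar, KeyPair?)` overload, so a Java caller can supply the key without the certificate; the call on the `certFactory` line would be harder to get wrong with named arguments, as the removed line had.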