
> it's also about adversaries that may have physical access to your device and can provide that consent. No matter how convoluted you make the Rube Goldberg machine to bypass the cryptography, if there's a way to bypass it, it will be bypassed.

You claimed that an adversary with physical access to your device can compromise your unlockable phone, but presumably this won't happen with a phone that can't be unlocked. Is that not what you claim? If so, please detail how.




I was talking about a device with an unlockable bootloader, not one that cannot be unlocked.

Wanting an uncompromisable bootloader is about more than just protection against malware that might modify the software on the device; it's about protecting a phone that can be unlocked from having the software modified by someone with the ability to provide the consent that the end-user would normally give. For example, when I hand my phone over in customs, or if it's seized by the police. If my bootloader is not unlockable, I haven't provided them with the keys to unlock the software, and those keys are reasonably strong, then I can be reasonably confident they haven't compromised my device.

But if they can unlock the bootloader for whatever reason, I have no idea now what is running on the device or what was run on it, even if they restore it back to a locked condition.


If they unlock the bootloader, the phone will wipe itself, that's what most phones nowadays do.


This is why I had mentioned in another comment, that it might make sense to require opening it with a screwdriver to enable/disable some features, and that you can add glitter or something like that if you want to detect physical tampering.



