[melvyn2]

The pixel, for example, already has a secure yet user-unlockable bootloader. So do modern x86_64 PC's. Statements like these, claiming that only apple can properly secure a device (and hence that users deserve to be locked out), simply show astounding ignorance.

[kaba0]

The M-series Macs also have similarly open, but secure bootloaders.

[klausa]

Sure, but they were designed with that in mind, and have presence and authentication requirements, that, as I understand, are not retro-fittable to older devices.

My claim isn’t “it’s impossible to implement a secure bootloader that also has escape hatches”. I’m saying it’s borderline impossible to do that retroactively for a fleet of obsolete devices, in a way that doesn’t compromise security of those.