Phones with unlockable bootloaders aren't going to be sold for much longer just like dumb TVs aren't sold anymore. There's just too much profit to be earned by corporations locking devices, plus banks and governments want to lock down phones. And once they lock down phones they'll go for desktops as well.

Maybe in the US, but not in my country. I tried looking for "signage displays" but all I could find was Samsung professional monitors that still had the smart stuff

Yeah, this is just a fundamental misunderstanding of how bootloader unlocking works. The people repeating this argument seem to think that their bootloader will unlock if they look at their phone wrong, when in reality the bootloader unlock process can be made such that the user must consent. If some malware can bypass that, then it could bypass your bootloader in the first place.

It's not just about malware you might accidentally download, it's also about adversaries that may have physical access to your device and can provide that consent

No matter how convoluted you make the rube goldberg machine to bypass the cryptography, if there's a way to bypass it it will be bypassed

There are ways to do it so that 'bypass' means you effectively wipe the device. If that's not good enough, how do you protect against them just replacing your device with a compromised one that looks similar?

So because we can't eliminate every possibility, we should just give up on all protections?

I think you are misunderstanding my point. You aren't giving anything up by enabling unlocking if the act of unlocking wipes the device.

Please detail this attack vector where someone can compromise a phone with an unlockable bootloader but not one you can't unlock.

That's not what I claimed?

> it's also about adversaries that may have physical access to your device and can provide that consent. No matter how convoluted you make the rube goldberg machine to bypass the cryptography, if there's a way to bypass it it will be bypassed

You claimed that an adversary with physical access to your device can compromise your unlockable phone, but presumably this won't happen with a phone that can't be unlocked. Is that not what you claim? If so, please detail how.

I was talking about a device with an unlockable bootloader, not one that cannot be unlocked

Wanting an uncompromisable bootloader is about more than just protection against malware that might modify the software on the device, it's about protecting a phone that can be unlocked from having the software modified by someone with the ability to provide the consent that the end-user would normally give. For example when I hand my phone over in customs, or if it's seized by the police. If my bootloader is not unlockable, I haven't provided them with the keys to unlock the software, and those keys are reasonably strong, then I can be reasonably confident they haven't compromised by device

But, if they can unlock the bootloader for whatever reason, I have no idea now what is running on the device or what was run on it even if they restore it back to a locked condition

If they unlock the bootloader, the phone will wipe itself, that's what most phones nowadays do.

This is why I had mentioned in another comment, that it might make sense to require opening it with a screwdriver to enable/disable some features, and that you can add glitter or something like that if you want to detect physical tampering.

Every device I've ever unlocked warns you on boot that it's unlocked. So if that's your threat model, just reboot the phone after the maid hands it back to you and see if you get a scary warning.

At least historically, that wasn't always fool-proof :-) – I know at least some Motorolas from around ten years ago where the bootloader warning was simply an alternative boot animation, so you could suppress that message by overwriting the "bootloader unlocked" animation with the regular boot animation.