The Pixel, for example, already has a secure yet user-unlockable bootloader. So do modern x86_64 PCs. Statements like these, claiming that only Apple can properly secure a device (and hence that users deserve to be locked out), simply show astounding ignorance.
Sure, but they were designed with that in mind, and have presence and authentication requirements that, as I understand, are not retro-fittable to older devices.
My claim isn’t “it’s impossible to implement a secure bootloader that also has escape hatches”. I’m saying it’s borderline impossible to do that retroactively for a fleet of obsolete devices, in a way that doesn’t compromise security of those.