Not allowing a bootloader to be unlocked on a company-owned device does sound like a desirable feature, but only for company-owned devices. Applying that setup to all phones assumes that the default phone is a company-owned device and is subject to external control.
A different SKU for enterprise managed devices would cripple IT departments that don't pay the big bucks to e.g. verizon to manage their device provisioning & MDM enrollment.
Wut? I don’t follow? Anyway, once you are big enough to care about preventing bootloader unlocking on your company devices you are big enough to pay for that privilege.
You'd need two different SKUs for each different color and size to enable this in a more user-friendly way, where devices either enterprise locked or carrier locked get the one with a locked-by-default bootloader, and ones bought directly by the consumer have an unlocked bootloader. Realistically the latter group is so small it doesn't make sense to complicate the production and logistics process by having this separation. Instead, we get the current situation where the bootloader can be unlocked after initial setup check.
It would be much nicer if it defaulted to allowing unlocking through. You can boot up a DEP enrolled Mac and use it even if your internet connection doesn't work, including disabling SIP and the bootloader. Though your MDM attestation may fail if you then enroll it. That need to explain yourself to the IT department should be enough incentive to an employee to not unlock your work device bootloader.
Has it occurred to you that the feature you're defending allows Google to lock customers into their provisioning/MDM? That this is worse than Verizon controlling provisioning/MDM, because at least Verizon is subject to market competition (ie you can buy the device from other parties), whereas Google doing it means you have no choice whatsoever?
You're also grossly exaggerating things. We're not talking about a change that would prohibit management, just one that would not allow them to do zero-touch enrollment into their management systems.
It assumes that company owned and managed phones are more common than people who want to unlock the bootloader. I know this isn't ideal, but that's the correct assumption to make.
That’s a stupid false dichotomy caused by a poor onboarding workflow. “Well we either make it easier for businesses or deny the right to literally every customer to own their device. It’s okay because most people won’t notice.”
You'll notice that the market is not lining up to buy the PinePhone in response to this state of affairs, so I would say that the decision has been working out well for Google.
It is very much the case that most people don't care about this definition of freedom.
Very few people exercise their fifth amendment right. That doesn’t mean people are tacitly agreeing to it being taken away.
I didn’t say it wasn’t popular. I’m saying people don’t realize how badly they are exposed because the hammer hasn’t dropped.
The market for PinePhone is weak because it’s “only for the pesky open source people”. It will stay that way a long time and we better hope they survive long enough for Google to keep screwing people into a big enough market.
It assumes that company owned and managed phones are more common that people who are unwilling to connect to the internet to unlock their bootloader. Which is definitely true. Probably by several orders of magnitude. Who cares? You get to unlock your bootloader.
