
IMO permanent locking is just a useless feature that increases e-waste unnecessarily. It doesn't stop an attacker from dumping whatever is running on the device and just exploiting it, then replacing the board with an unsecured rPi/CM4; it just allows vendors to lock in their stuff even more.

I'd rather prefer an alternative like, say, the device has a private key that can be used to validate the device's "authenticity", and that key is:

* unavailable if device is not booted via secure boot

* reset if you reset secure boot to turned off

Then:

* software can use it as a "device key/license key" for proprietary applications, acting as a mini-HSM akin to a TPM; sign the generated public key with the company's cert on device production and if it ever gets put out of secure mode, byebye license.

* no total bricking, no landfill, hackable devices.
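The scheme sketched in the comment above, as an added simulation that is not part of the original post: the device key only exists while secure boot is on, the vendor signs its public half at production, and an application checks that vendor signature plus a fresh challenge signature. `Provision`, `Attest`, `Verify` and the `Device` type are names assumed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device models the proposal: a per-device signing key that exists only while
// secure boot is enabled and is erased (not the whole device) when it is turned off.
type Device struct {
	secureBoot bool
	key        ed25519.PrivateKey // nil once secure boot has been reset
	Pub        ed25519.PublicKey
	Cert       []byte // vendor signature over Pub, made at production time
}

// Provision runs on the production line: generate the device key and have the
// vendor's signing key certify its public half.
func Provision(vendor ed25519.PrivateKey) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{secureBoot: true, key: priv, Pub: pub, Cert: ed25519.Sign(vendor, pub)}, nil
}

// DisableSecureBoot is the owner turning secure boot off: the key is wiped.
func (d *Device) DisableSecureBoot() { d.secureBoot = false; d.key = nil }

// Attest signs a verifier-chosen challenge; it fails once the key is gone.
func (d *Device) Attest(challenge []byte) ([]byte, error) {
	if !d.secureBoot || d.key == nil {
		return nil, errors.New("device key unavailable: secure boot is off")
	}
	return ed25519.Sign(d.key, challenge), nil
}

// Verify is the license check a proprietary application performs: the device
// public key must carry a valid vendor signature (a swapped-in board has none),
// and the device must sign the fresh challenge (an old signature cannot be replayed).
func Verify(vendorPub, devPub ed25519.PublicKey, cert, challenge, sig []byte) bool {
	return ed25519.Verify(vendorPub, devPub, cert) && ed25519.Verify(devPub, challenge, sig)
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	dev, _ := Provision(vendorPriv)
	challenge := []byte("constructed challenge nonce") // constructed sample input
	sig, _ := dev.Attest(challenge)
	fmt.Println("licensed while secure boot on:", Verify(vendorPub, dev.Pub, dev.Cert, challenge, sig))
	dev.DisableSecureBoot()
	_, err := dev.Attest(challenge)
	fmt.Println("after secure boot reset:", err)
}
```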
