> You could flash and reflash without re-unlocking. It only gets locked if you issue an explicit lock command.
Slight miscommunication; I was intending to address the specific security threat of "attacker has (temporary) physical access and flashes something malicious onto the phone's root filesystem (anything from a complete ROM to a kernel module or background process that autostarts and runs as root every boot)", in which case the user can just re-flash the phone's non-encrypted partitions from known-good images and be on their merry way.
> do you really expect the average user to generate their own keys, reconfigure their bootloaders, and resign their roms
Slight miscommunication; I was intending to address the specific security threat of "attacker has (temporary) physical access and flashes something malicious onto the phone's root filesystem (anything from a complete ROM to a kernel module or background process that autostarts and runs as root every boot)", in which case the user can just re-flash the phone's non-encrypted partitions from known-good images and be on their merry way.
> do you really expect the average user to generate their own keys, reconfigure their bootloaders, and resign their roms
Fair; it's unlikely for most users.