We already have that today. And locked down systems don't prevent it, because you can always exploit some part of the supply chain. A determined actor will always find a path.

It's possible to make this detectable, and chromebooks already do.

On a chromebook, if you toggle to developer mode you get a nag screen on early-boot telling you it's in developer mode every time, and if you're not in developer mode you can only boot signed code.

Basically, just bake into device's firmware that "if any non-apple keys have been added, forcibly display 'bootloader not signed by Apple, signed by X'", and if someone sees that on a "new" device, they'll know to run.

With the root of trust and original software wiped, what used to be, say, an iPhone stops being an iPhone. It becomes a generic computer with the same hardware. All the software designed to run on iPhones like the App Store is likely to stop working. You won't fool the user for long.

And this attack is already doable by simply replacing the iPhone with a fake. It won't fool the user for long either, but you get to steal a real iPhone in exchange for a cheap fake.

You can have TPM with your own hardware key, which allow to verify the integrity of the BIOS. Works fine on my Librem laptop with a Librem Key.

This can be fixed by adding some user-controlled "fuse". For example, with a TPM you will lose access to stored keys if the boot sequence is modified.