I’d go further and dictate that a reference implementation of the software be required in source code form, and the instructions include a secure boot bypass (e.g., cut this trace on the board, pull a jumper, etc).

> instructions include a secure boot bypass

So do NSO’s work for them.

Yes, and that is irrelevant. If the owner can fully control his or her device then so should NSO. That's why well-designed hardware tends to have hardware-enforced hardware input to override security settings. In the past they were simple dip switches on motherboards (some gaming motherboards still have them for overclocking), for modern phones it seems to be the secure boot/hypervisor environment itself in conjunction with hardware keys like volume buttons. Physical hardware-validated input (or physical access to the device) is sufficient to spoil the schemes of NSO or any other group of remote coward criminals. No need to further encroach on owner rights.

"NSO" should never be accepted as a valid argument against providing a secure boot bypass to device owners. Never.

> "NSO" should never be accepted as a valid argument against providing a secure boot bypass to device owners. Never

Thank you for making this decision for me and millions of others. I appreciate it being suggested that I be forced to trade tangible security benefits for someone’s else’s sense of aesthetics.

Those tangible security benefits will remain in place unless you, the device owner, go out of your way to disable them.

I recommend replacing your misplaced sarcasm with a real counter-argument or not commenting at all.