Hey, sorry, just realized I did not answer your question:
No, it is not strictly necessary, but if you don’t do it, every time you reboot the phone, you will receive a very verbose warning message (something like: Warning, unlocked bootloader … security issue… don’t store any sensitive data on device etc. etc.) before the boot of the OS.
I don’t know if by re-locking the bootloader the message disappears completely or if it is substituted by something else, AFAIU it depends on the device. In such a case the boot image would be signed and the bootloader would be re-locked, but the signature of the boot image would not correspond to the original stock one loaded by the manufacturer.
If you have success in re-locking the bootloader, let us know what happens to the pre-boot warning screen.
Regarding whether the re-locking operation is recommended or not, the first XDA link of the previous post states the following advantages:
- Virtually total protection of your data, especially if encrypted
- Inability to flash another recovery, even stock recovery (if OEM unlock allowed is unchecked)
- Inability to flash another kernel, including stock kernel, (again if OEM unlock is unchecked)
- Inability to unlock bootloader in fastboot, see above
- Total inability to flash anything in fastboot. The only access to the phone is through TWRP
- You can still change/update roms, backup/restore data to your liking
- You get a different boot warning screen: ‘your phone has loaded a different operating system’ with a fingerprint (four rows of numbers). Write them down and compare once in a while: if the numbers are different, someone (and I am talking a sophisticated adversary) tampered with your phone
The disadvantages are:
- You would have to set up things once
- When changing or updating roms, one extra step is required - flashing Chainfire’s modified Verified boot signer zip to re-sign kernel (right after Magisk and before reboot).
Plus, I would add, the need to restore your data because the operation erases it all.