Recently, successfully installed community /e/os for Moto G 5G plus. Boot loader left unlocked (as my understanding is that the custom os is wiped if I try to lock it). Is there any way to lock w/o wiping or other ways to mitigate the security risks of an open boot loader?
Regain your privacy! Adopt /e/OS the unGoogled mobile OS and online services
the nairo doesn’t look to be relockable, you have to research at xda if other users tried. (Taking a backup and re-applying it is one way to stomach a userdata reset / wipe). But as said, it’s unlikely you can relock it.
For mitigation: the security risk is “evil maid” and as far as I know being able to have a crack at the user PIN without bruteforce anti-measures. A mitigation can be a longer PIN. If password managers or 2FA apps on-device have yet another credential in front that too is mitigation.
Being able to quickly rotate credentials when the device is lost helps. Last time me and my device parted ways, the SIM was my biggest worry because of stupid banks still.
This post has a link to reddit where the topic (incl. risks of an unlocked bootloader) is explained:
There’s many devices (with eOS community builds) that do not allow relocking the bootloader. (As a sidenote: for my own current device I consider the risk acceptable.)
Thnx 
- makes sense to me
