Enabling OEM Unlocking makes it possible to install a new ROM image or a new bootloader. After booting the phone into the bootloader, we use Fastboot to unlock the bootloader (fastboot flashing unlock) so that a new operating system or bootloader can be installed on the phone, or to lock it again (fastboot flashing lock).
For GrapheneOS
- Enable OEM Unlocking
- Reboot the phone and unlock the bootloader
- Flash the GrapheneOS ROM which also includes a signed bootloader
- Lock the bootloader then start the OS
- Go into settings and disable OEM Unlocking
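
One way to confirm the end state of the steps above, as an added example that is not GrapheneOS's own tooling: it reads `adb shell getprop` output and checks that the bootloader is locked and OEM unlocking is disabled. It assumes the AOSP property names ro.boot.flash.locked, ro.boot.verifiedbootstate and sys.oem_unlock_allowed; the function names are hypothetical and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example: audit the locked-bootloader end state from getprop output.
# Assumes AOSP property names; vendor builds may differ. Sample dumps are constructed.

# Constructed sample: bootloader relocked with a custom OS key, OEM unlocking off.
SAMPLE_HARDENED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
[sys.oem_unlock_allowed]: [0]'

# Constructed sample: bootloader left unlocked, OEM unlocking still on.
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[sys.oem_unlock_allowed]: [1]'

# get_prop NAME DUMP: print the value of one "[name]: [value]" line.
get_prop() {
    printf '%s\n' "$2" | awk -v k="[$1]:" \
        '$1 == k { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# audit_boot_state DUMP: one OK/FAIL line per check; returns 0 only if all pass.
audit_boot_state() {
    dump=$(printf '%s\n' "$1" | tr -d '\r')   # adb output may carry CRs
    locked=$(get_prop ro.boot.flash.locked "$dump")
    vbstate=$(get_prop ro.boot.verifiedbootstate "$dump")
    oem=$(get_prop sys.oem_unlock_allowed "$dump")
    rc=0
    if [ "$locked" = "1" ]; then echo "OK bootloader locked"
    else echo "FAIL bootloader not locked (flash.locked=${locked:-unset})"; rc=1
    fi
    # green = locked with OEM key, yellow = locked with user-set key,
    # orange = unlocked, red = verification failed.
    case "$vbstate" in
        green|yellow) echo "OK verified boot state: $vbstate" ;;
        *) echo "FAIL verified boot state: ${vbstate:-unset}"; rc=1 ;;
    esac
    if [ "$oem" = "0" ]; then echo "OK OEM unlocking disabled"
    else echo "FAIL OEM unlocking allowed (oem_unlock_allowed=${oem:-unset})"; rc=1
    fi
    return "$rc"
}

# On a real device: audit_boot_state "$(adb shell getprop)"
audit_boot_state "$SAMPLE_HARDENED"
```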
For Jailbroken Phones
The phone is rebooted into the bootloader, the flashing is unlocked and it can never be enabled again as long as the phone remains jailbroken: the custom bootloader must remain unlocked because it uses a special bootloader with supervisory privileges and additional software that runs at the supervisor level. As a result, jailbroken phones are huge security risks, since anyone with sufficient knowledge can modify or even erase the jailbroken bootloader or the custom ROM image installed on the phone. In addition, malware or other nasty software can be easily installed on a jailbroken phone.