Thanks for the info.
I understand that enabeling OEM unlocking expands the attack surface. However there is a deeper answer as to why i want on unlock the OEM. I do not want to change the operating system...GrapheneOS is good for me. However i have suspissions that the OS has been breached.
Granted that i have device attestation setup and it is showing all good.
I want to take a system image of the whole system and my understanding is that this can only be crried on root.
Being unable to unlock OEM also raises my suspisions of a breach..i should be able to unlock it. The phone should not be tied to a carrier as i was able to unlock OEM when loading GOS.

Can you shed any light on this ?

Thanks

    Also...the OEM Unlock is not greyed out...i can enter my password and return to the Dev. ops however the toggle does not switch.

      You can verify your installation if you are concerned about the integrity of your OS. In addition to using the Auditor app, you can restart your device. If you see only the yellow warning triangle, then that means verified boot on your device is working. You can also check the boot key hash has on that screen.

      Both verification tools are described in more detail here:
      https://grapheneos.org/install/web#verifying-installation

      peoples I want to take a system image of the whole system and my understanding is that this can only be crried on root.

      It is strongly recommended that you do not do that, because it undermines the Android security model, and is counter to the goals of GrapheneOS. If you think you need to root, you have misunderstood how things work.

      peoples however the toggle does not switch.

      What happens when you try to enable OEM unlocking?

      Nothing...I cannot enable it. I input password it doesn't refuse the password...it reverts back to dev ops screen but OEM toggle still in off position.
      I genuinely believe that the OS is compromised without going into great detail on how...I believe it is something that the verified boot is not picking up on and either is the attestation app.
      I have cyber triage on my PC and I would like to run the system image file through it to see what it flags if anything but I cannot get a full system image.
      I'm not an IT guru but I think I have a fair understanding and I do have an engineering background.
      I need to get the system image to do forensics on it.

      The starting point is OEM unlock which I cannot do.

        Also to strengthen my suspicions...I believe the compromise is preventing me from unlocking the OEM.

        peoples Nothing...I cannot enable it. I input password it doesn't refuse the password...it reverts back to dev ops screen but OEM toggle still in off position.

        That is strange, indeed. I'm not sure what could be causing that.

        a year later

        I just bought an 8a and the auditor says oem unlocking allowed...
        Actually 2 of 3 phones have this,
        i bought them on ebay...
        i dont have a laptop or wifi...
        Is there anyway to fix this

        so my 2 phones dont get compromised, actually the one runs hot that says oem unlocking allowed...

          christiee Did you disable OEM unlocking after installing OS and performing attestation?