de0u yes, using avbroot can have bad consequences, like if you ever disable the OEM unlocking switch you are screwed, or ever update Magisk using the direct install method. It says any operation that results in a differently signed state will result in zeroing out your boot and recovery and rendering your device unrecoverable. I still recommend it to anyone who is interested in rooting GrapheneOS, as the standard root solution is unacceptable security wise, and in my opinion, a little risk that can be avoided by being smart is acceptable in exchange for access to powerful root solutions (that integrate very well with GOS) and security!
I agree that the simple solution to avoiding all this is to not use avbroot, however, I don't agree with rooting the standard way at all as it breaks verified boot and leaved the bootloader unlocked. This is the solution I'm working with for now, while I work on compiling GrapheneOS from source so I can sign the release with my own keys, integrate Magisk into the release, make the updater point to my own server, and update OTA with my own incremental updates that are patched with avbroot. I found a guide on XDA Developers I'm following. Then I'll remove the risk and have rooted locked, risk free GrapheneOS!
Also...
By the way, I just saw that a new update was released. I know it probably focuses mostly on P8 and P8P compatibility, but is there a plan to roll back Seedvault to where it was before the last update to it? The last time it was updated it really broke it... Now APKs aren't backed up, updates fail more often, overall its screwed...
Before this, last time it was updated it was PERFECT! Well, not perfect, but a completely acceptable backup solution until you all make something better! I'm just wondering, what plans are there to fix this critical piece of the OS?