On Pixel devices you can add your own signature to be checked and thus can use secure boot with a custom OS - that's how GrapheneOS works.

No need to strip out every wall, we just have to think about the problem and put doors at necessary places so we can enjoy both freedom AND security.