Okay, so, guys - here's the exact situation, with a large amount of gory technical details so you can understand what's going on too.

* Philosophy wise, we're into user privacy - protecting your private data against attackers, physical or applications - ie, not DRM (other people's rights..). When you've set a lock code, we try to protect your data as well as we can.

A way to see this is that I really wouldn't want my private conversations to be easily extractable because I put my phone into a malicious USB charger or a competitor stole my phone off the table in Amsterdam in Ruoholahti while I was getting a drink.

* The bootloader of the Jolla is 'little kernel' ("lk") which speaks the typical Android fastboot protocol, which has a open source flasher.

* There's three modes of booting:
- Normal booting - boot into 'boot' partition, which is a combined kernel + initrd + cmdline image
- Recovery booting (volume down + power on) - doesn't do anything at the moment as there's nothing in recovery but boots into 'recovery' partition (same format as boot)
- Fastboot mode (volume down + put USB in) - opens a fastboot session on USB that you can connect to with fastboot flasher

There's a few toggles in the device currently:
* Developer mode - which gives you full root on your device and it says, please note this: "this may void your warranty" - it does not say "this will void your warranty". The philosophy there is that if you break something with it, you get to keep both pieces - don't do anything stupid - like overwrite the boot loader, or use hardware parts beyond their specifications.
- It is possible to flash kernel, recovery, etc from within device as we do this in OTA updates. If you really have to hack, do it with recovery partition until the below is in place.

* OEM unlock - which determines if bootloader is open or not - no special code is required to unlock - just fastboot oem unlock, but the power comes with responsibility - and I'm not in any way as an employee recommending this.

Now - one of the things about breaking things is that you can glue things together and it's all good again - About recovery:

At an upcoming update (I cannot say which, because, until a feature is released, it can at any point be pulled and postponed), there will be a recovery partition installed that will 1) ask for your device lock code if you have one and 2) allow you to factory reset your device in case you've hacked it a bit too much ("unbootable brick" situation)

That recovery I'd like to improve in such a way that it enables users to do full system backup/restore from microSD and other useful bits that we've learnt from maemo times is just generally nice to have (BackupMenu, BootMenu, etc).

Now, about factory images.

The Jolla device has all it's system data on a eMMC, one big SD card practically. This is shared with the modem part and includes things like modem firmware and other bits (take a look at the 25+ GPT partitions!). The device factory image is a combination of SailfishOS, a Qualcomm Android hardware adaptation and modem bits. The hardware adaptation and modem bits are copyrighted by Qualcomm and are put in place by the factory partner - and Jolla cannot distribute those parts.

Due to a bit of a design flaw on my behalf that I hope to solve for future devices, our entire system is merged together in one big 'sailfish' BTRFS volume which makes it even harder to separate bad bits and 'good bits' and 'flash them seperately'

In practice, what this means, is that we cannot provide full factory images. And that sucks. But if we do a proper recovery, backup and restore possibilities, it takes care of a lot of the trouble.

I don't personally buy devices that can't be hacked. We started developing Sailfish on hackable devices - we know our roots. And I have one coming to me at full price - no rebates or special treatment.

Does this clear up the situation a bit? Device is open as is explained above, but, when you hack, you'll always want to be able to restore your device. And that's what I hope the recovery will sort out unless you really screw up the device. In which case it's your own fault.