Comment by bri3d

6 days ago

Whatever silly OTP implementation is involved is 99.9% irrelevant to unlocking a phone, and OTP for root-of-trust has been in use in phones for 15+ years anyway.

Maybe we use some hardware-level trick to get to some protected firmware initially to reverse engineer it, but almost universally it's what reads the state of the fuses (or something after it) that actually gets exploited. That's changing, too, but in general very slowly and at the pace of hardware manufacturers learning how to make software (aka, glacial with a few notable exceptions).