Yeah, I'm not denying the existence or need for a TEE, I just mean that either the TEE is secured against custom OSs and therefore signing in beforehand is unnecessary, or the sign-in information could be erased by a custom OS.

So requiring a login to unlock the bootloader doesn't really disincentivise any theft in either case, as I understand it.