Effective [some future date], in order to sell any device connected to the Internet (or Bluetooth, or whatever), you must register your entire codebase and all internal documentation with the FTC, and keep it updated, along with any signing keys to lock bootloaders. The day you abandon support, if you haven’t provided everything required for end users to take complete control of their device, your code base and any other IP enters the public domain, and the FTC uses their discretion on release of keys.
It would take new laws, and you’d have to be careful with language and structure to prevent abuse of “third party” code and abuse of corporate structure to try to prevent old devices from being usable, but you could do it.
This sounds like a security nightmare though. A central repository of all code and keys is a gold mine for exploitation. Don’t get me wrong, I would really want this to work, but if it was compromised it could be catastrophic.
I do think there should be regulations in place that are clearly and easily enforceable by the FTC though. I’d love to see companies be hit with fines and/or compulsory refunds if they stop supporting devices and don’t provide some path forward for customers to keep using the device. That doesn’t solve for startups that go out of business, but it would at least cover the tech giants who are doing this garbage.