Hey @n42, we have some ongoing internal discussions around the behaviour of update locks so I’m going to add your comments as I think it’s a valid case we need to be aware of. Thanks for pointing it out!
The intent of the lockfile is to prevent application updates during critical sections of your code, and in general we don’t expect critical code to be running during boot. Are you attempting to use locks to avoid updating certain devices at all? Could this be managed at a fleet level to set default releases for the fleet, or pin devices to a release via the dashboard or the balena APi?
I think if we understand your use case, why you need to prevent updates after a reboot, we can better address this in the product.