How much of it is cryptography? The only notable cryptographic locks are just the TPM-backed Widevine and the infamous Play Integrity, both rarely required due to how many older devices that would lock out.
There's no crypto, as far as I know, in all the binary blobs in the kernel, yet we still can't re-implement enough of them to even have a true Linux phone without reusing the manufacturer's kernel.
Secure Boot (or whatever it's called on each hardware platform) relies on trusted cryptographic keys to sign "the next step" in the boot chain, all the way back to the bootrom. This is how the higher-level SafetyNet attestations work on Android, and equivalent features on iOS, XBONE, etc.
There's no crypto, as far as I know, in all the binary blobs in the kernel, yet we still can't re-implement enough of them to even have a true Linux phone without reusing the manufacturer's kernel.