Heh. Open firmware would not solve this issue. If the firmware were open, the FBI would have already broken into the device. Apple's signing key (or, for the paranoid, the government's unwillingness to admit that they have obtained it through espionage) is primarily what is keeping the FBi's fingers out of the cookie jar.
A better question is how to further lock the phone down in future updates so that Apple can't comply even if they were compelled to, something Apple engineers are no doubt looking into right now. The optimal way would be to require a device to be unlocked to update the firmware, which would require the PIN, which Apple would not have.
Okay, so how do you verify that only the owner can do that, on the OS level, if the firmware is not first totally locked down? The security of iOS devices comes from the fact that Apple has engineered the devices to behave a certain way when using Apple firmware and that that firmware can't be modified or replaced without the signing key of Apple. And Apple is making it clear that they are on the side of the consumer, not the three letter agencies.
You use the exact same design as iOS, but with unique keys in the hands of each device owner (in other words, a PIN or password) rather than one key in the hands of the vendor.
The resources required to replace the firmware on a non-crippled Android device is access to the Internet from that device. This is not a big ask. Most people who own an iPhone have a data plan and/or access to WiFi.
Sure, only a small minority of device owners can actually make new firmware, but fortunately only one of them needs to make and distribute some firmware for everyone to be able to install it, if the device is open.
Are you saying this as someone who has helped non-hobbyists install new firmware onto their phones? I haven't, but helped many people install desktop linux around 2008-2009 and was often surprised by the problems they ran into.
Most people don't have the resources, knowledge, or desire to replace their car's engine parts. Does that mean it's ok to sell a car with a locked hood, that requires a manufacturer-controlled key before the engine can be serviced?
No, even if they personally don't want to touch the engine, they turn to knowledgeable friends/family or pay a professional mechanic to do the work.
This unfortunately-common view that most people should never even have the option to do anything technical is insulting and maybe even monopolistic (it bans 3rd party repairs/parts).
A better question is how to further lock the phone down in future updates so that Apple can't comply even if they were compelled to, something Apple engineers are no doubt looking into right now. The optimal way would be to require a device to be unlocked to update the firmware, which would require the PIN, which Apple would not have.