after removing nodejs and nvm and doing a clean install of the lts nodejs and then installing device-os-flash it all seems to work (still "not allowed"):
C:\Users\User>device-os-flash --all-devices 5.3.2
Initializing module cache
Downloading release binaries
Updating cached binaries
Initializing flash interface
Enumerating local devices
Flashing target devices
Target devices:
1. 0a10aced202194944a004d3c (P2)
[Device 1] Skipping p2-prebootloader-mbr@5.3.2.bin. It's required to be encrypted
[Device 1] Preparing device for flashing
[Device 1] Flashing p2-system-part1@5.3.2.bin
[Device 1] Flashing p2-tinker@5.3.2.bin
[Device 1] Resetting device
[Device 1] Using control requests to flash remaining modules
[Device 1] Preparing device for flashing
[Device 1] Not allowed
[Device 1] Flashing p2-prebootloader-part1@5.3.2.bin
[Device 1] Preparing device for flashing
[Device 1] Not allowed
[Device 1] Flashing p2-bootloader@5.3.2.bin
[Device 1] Flashed successfully
Done
C:\Users\User>
hopefully we can replicate this in the factory!