Wait for your work to find out whether the bootloader can be unlocked.
So far no luck I'm still researching on whether or not I can use hdctools for an Android device. The pixels are unique in this particular case in that they are the only devices where this cable is capable of working or at least doing any number of things a regular USB cable can't. I think I'm going to have to learn how to set up a chroot chromeOS env in the on-device sandbox. Or find out if the tools can be modified into ARM .bins and push them to data/tmp and see if we have any luck. We can get these tools to work then we can remove right protection from the chips in which the cable allows us to interact with which in turn would allow us to flash firmware to those chips and or the device itself.
Citadel' reprovision works. I staged the stock bootloader and ran the commands, but tells me citadel is already provisioned. But the good news about this is 'fastboot rma' probably works. I don't have enough information to complete the command. Whatever RMA is, it has to do with unlocking the device and you can reprovision citadel after an RMA unlock. We also have to enable uart. And during my search for more information I happen to come across a post where some of these things I speak of were already being tested and used to unlock other devices. Some of the individuals involved with those cases, I have interacted with on numerous occasions here on XDA. Unfortunately most of those times were not happy and I did not get along with those individuals. So I am reluctant to ask for their help because they'll spend a few days telling me how dumb I am before telling me what I want to know or giving me a push in the direction I should be going in but never actually giving me enough info to succeed. So now I'm stuck in a catch 22.
However things continue to get interesting. I was able, again, to switch active slots (which isn't even supposed to be possible on a locked device particularly of the Verizon variant). I still do not know how I did it or when it happened but I did notice it changed from A back to B when I was trying to load a GSI using the DSU loader and or adb. But I cannot be sure that is the cause of it.
Secondly I've done a little more research on the screenshot I posted above of the air I now receive after attempting to load a GSI. The fact that the error comes up is actually really good because something somewhere wrote something to the device in some form which from what I understand, caused the vbmeta.img to change. Now again that's not even supposed to be possible on a locked device especially of the Verizon variant. So I have actually submitted a detailed report with Google about this particular case in hopes that they may be able to give me some details.
But the fact that both of these things can be accomplished is very very surprising. And I am totally out of my comfort zone and don't even know where to begin looking to try and find the clauses of these events.
I'm sorry this was such a long post but this is pretty much stuff I've learned over the last couple of days. The cable arrived today and I started experimenting with it unfortunately I don't have any different news to report as a result. Without getting the tools properly set up I am unable to use this cable to its fullest extent and abilities. I do have a ton of links that I intend to make available but I did not have any time today to gather them all up and post them. But there are quite a few.