Android phone models with user-writeable BP firmware (open-source Baseband Processor)

Which android phones utilize a [Baseband Processor (BP)](https://en.wikipedia.org/wiki/Baseband_processor) that's designed for power users/developers whoose firmware is easily accessible and flashable, by design? While Google introduced [WiFi MAC Address Randomization](https://source.android.com/devices/tech/connect/wifi-mac-randomization) into Android 9, they've been dragging their feet on adding a similar privacy feature: [Cell Tower IMEI Randomization](https://android.stackexchange.com/questions/241225/auto-imei-randomization-in-android-like-wifi-mac-randomization) . My understanding is that [this is a hardware limitation](https://android.stackexchange.com/questions/248057/how-do-hackers-change-mask-imei-numbers?noredirect=1&lq=1#comment333234_248057) , because most Android phone manufacturers do not make it easy to modify their BP's firmware. Unfortunately, because it's possible to spoof your MAC address but not your IMEI number, it's far safer (from a security and privacy perspective) to use WiFi radio networks on Android devices than to use SIM radio networks. However, if we had access to modify the BP firmware, then we could spoof our IMEI numbers on every connection, thereby greatly increasing the privacy of their cell-tower communications to be on-par with the current-state of WiFi communications. Fortunately, there's a number of manufacturers of Android devices on the market that are built for power users: [Purism](https://puri.sm/) , [Pine Phone](https://pine64.org/) , [Fair Phone](https://www.fairphone.com/) , [Shift Phone](https://www.shiftphones.com) , etc. My question is: which Android phones make the BP user-writeable, such that users can trivially spoof their IMEI number?