Once you make it working you (root, modules, etc), you just need to regularly update prints (Action button in PI Fork) and to update to the newer valid KeyBox (best and usually the first to release) is to look for the Strong KB on KeyHub site
Some newer/forked modules provide Open/WeUI menu with the options to simply update prints and to update the valid KB, making it a quick and easy task. The only problem will be that they usually copy-cat that newer, valid KB from KeyHub and therefore it takes (to their devs/maintainers) few hours or even half a day (or a full day) to update to that new, valid KB
That makes it inconvenient for every Joe users who will unknowingly what's going on kick their Set valid KB, but since during that limbo time they didn't update to the newer valid KB yet, the action button will not i really install a new valid KB but still the previous, old, not-updated (shadow) revoked KB
But generally yes, it is inconvinient anyway, while Pixel A16 beta prints must be updated at least every 42 days (7 weeks), you never know when Google will revoke the leaked KB and when and who/where will publish a new, valid KB
There are only three solutions:
1) To find <A8 private prints that provide Strong Integrity 3/3 both for A13+ and <A13 (<A13 Device or Strong Integrity is required for Wallet) with spoofProvider=1, thus with NO NEED for Tricky Store and hunting for the valid KB
That private prints will practically last forever (they have somehow slipped through the Google hands and such a small number of ppl use them, hence there is a slim chance that G will identify and 'expire' them), hence with them user can expect to have a working solution for a long time, without updating a prints and specially without the troubles with KBs
I do have some of them (and use them on my older Xiaomi with the Xiaomi.eu custom ROM), but that was really pain in the ass to find them (like a needle in the haystack)
2) To find private KBs (used by a small number of users, hoping that G will not find that they were leaked and will not revoke them). Then you need to regularly update the prints but at least you avoid troubles with always hunting for the new, valid KBs
(Unfortunately I don't have such a private KB, I was not eager enough a year or so ago when some of them were still openly published on GitHub and other sites; and I would never pay for them from to 'resellers' from TG channels)
3) To flash a stock ROM, don't root and re-lock Bootloader.
You can still debloat the ROM by using adb methods, and eg Revanced non-root YT, Google Photo and other patched apps work (almostlike with the modules on the rooted-phone), ads can be blocked by the private DNS, etc.
I run all that with a great satisfaction already for couple of months on my newer Xiaomi phone that I deliberately didn't unlock the BL and did not install Xiaomi.eu - leaving the official, stock Xiaomi EEA ROM, with no more stress when paying by Wallet on the NFC terminals
