I keep mine unlocked, unwise though it is from a security standpoint, for one single reason: if Fairphone tanks, I’m locked out of my phone.
I really wish I could run their code generator thing locally, so I could relock my bootloader and be sure I won’t depend on a defunct company to unlock it again if I need to. But of course it would makes no sense for them to make this unlock mechanism public.
Your ability to unlock the bootloader on Calyx doesn’t depend on Fairphone’s code generator / online check, that’s a FPOS “feature”, you can just toggle the switch.
So I went ahead and got an FP4 and flashed calyxOS. The first try failed and it was briefly without and OS (Lichte paniek). Locking the bootloader during the setup resulted in a “Your device is corrupt. It can’t be trusted and wil not boot.”
Luckily I could fastboot flashing unlock, and tried again.
Second time around I got calyxOS working, when I didn’t lock the bootloader during setup.
Moreover this resulted in OEM unlocking being greyed out and fastboot flashing get_unlock_ability=0
Which is also suboptimal.
I tried flashing it and locking bootloader again, with the same results as before.
Eventually I was pointed to the /e/OS documentation:
Caution: The FP4 comes with an anti-rollback feature. Google Android anti-roll back feature is supposedly a way to ensure you are running the latest software version, including the latest security patches.
If you try installing a version of /e/OS based on a security patch that is older than the one on your device, you will brick your device. Click on
Detailsbelow for detailed information
Now I’m assuming calyxOS is behind on security patches frrom FPOS, and am hoping that flashing a newer version later on will solve the error.
I’m not sure if this means I will be able to install calyx with a locked bootloader when they drop a new update, or if having a phone that’s both ethically sourced and privacy/security focused is just too much to ask.
I might just go back to LOS+MicroG.
If you updated your phone to the latest FPOS release before flashing Calyx, try the latest Beta (4.13.2).
It’ll probably move to stable any moment (been out since the 14th), but the stable is just a relabled beta and I haven’t experienced or seen any issues so you can just go ahead and install it now.
The version you mentioned is NOW stable :).
I think I got it a bit earlier, but I assume this is why I’m am on the “Security express” - Release channel right now.
Jup, something apparently went wrong on their end with the security patch of the last FP4 build.
Asked for help on their matrix, and they fixed it pretty quickly. Newest one worked without any problems.
In 22 there were some issues with a version of the Andriod tools (afaiu only for wiping data).
Anyone know details about it. I remember CalyxOS tested that at least is version 33.x or so? 
Is it save to use the lastest one now?
Just updated them again - now on
Android Debug Bridge version 1.0.41
(adb) Version 34.0.5-10900879
fastboot version 34.0.5-10900879
DivestOS at least recommends an older one.
And I just realized that the CalyXOS device-flasher downloads and uses android tools r33.0.3.
So I still don’t know what is potentially “wrong” with newer versions, but at least I could install DivestOS with a new one.