Can't lock bootloader

OEM is greyed out, and I’m still getting a message upon booting that says the device is unlocked. I will also check in fastboot when I get home, but I’m thinking it will say it’s unlocked.
So should I just do the “fastboot flashing unlock_critical” command, to make sure critical is unlocked?

Well, without any guarantee: yes. When the manual installation per the instructions requires critical to be unlocked, and because you used the locking command, I would unlock it again.

1 Like

Okay. Thank you for the help.

Not sure how far you get, it seems it’s not easily possible to not boot into system after manually installing FPOS.

1 Like

So to lock the bootloader you can’t boot into os after flash install, but the install boots automatically into os…great…

You can lock the bootloader after the first boot, it’s just a lot riskier and I would always advise against it.

If everything is as it should be, meaning the security patch level of the factory images you are flashing matches / is higher than the current ones and the keys those images are signed with are the ones the system expects, get_unlock_ability doesn’t concern you at all.

But for your example where you installed old factory images, that would have been a brick :grimacing:

I won’t repeat my rant(s) here because I’ve said it all before, bottom line is all of this could be handled better by Fairphone and it just isn’t, for whatever reason :man_shrugging:

2 Likes

So if you lock the device with an older os installed it will render the device useless?
To be honest I’m regretting buying this phone. I’ve never had issues like these with other brands.

Yes.

But that isn’t really a Fairphone issue per se, that’s what rollback protection is meant to do on a modern phone. The phone keeps track of the rollback index (security patch level in Fairphone’s case) so you / an attacker can’t install an older version which might contain unpatched known vulnerabilities that could be exploited.
Locking the bootloader enforces that check, but OEMs can also opt to always enforce it as well.

Normally that rollback index should get cleared when the phone is completely reflashed (search this forum / the Android documentation for specifics, I don’t have the links handy), and the Pixels manage to do that just fine.
Now there’s apparently a bug in certain Qualcomm bootloaders (according to the CalyxOS devs) which affects the Fairphone as well that leads to the rollback never being reset. So on any devices (not only Fairphones) affected by that the only way is forward.

I don’t think Fairphone as a company has the necessary access / resources to fix low level Qualcomm bootloader bugs, I might be wrong, you’d have to ask them.
But they could make the install process safer by implementing checks and locking the bootloader during installation. And they failed to do that for two years, that is absolutely on them!

(Got a bit ranty again, sorry, I’ll see myself out :see_no_evil:)

4 Likes

Finally got the time to try manually installing the OS again.
So turns out that when I do the “fastboot flashing unlock_critical” command I get the following response:
“FAILED (remote: ‘Flashing Unlock is not allowed’)
fastboot: error: Command failed”
I tried manually installing again, but I of course get an error that critical is locked.

Sorry to hear that and no idea from my end, not sure if @hirnsushi has time to troubleshoot with you.

1 Like

Could you please post the output of fastboot oem device-info :pray:

What is the current state of your phone, does it boot into Android userland, are you getting any bootloops?
Did the installation go through or did it fail with an error? :thinking:

If you can successfully run an installation my advice would be to modify the install script as outlined here:

Don’t boot into Android userland at that point, we want to stay in the bootloader!
Unless the partition that stores get_unlock_ability is part of the critical partitions (which I don’t think it is) that should reset that value to 1 and you should be able to issue fastboot flashing unlock_critical :crossed_fingers:

Edit: Yeah, nope, scratch that, I checked the install script and it won’t let us go through with it, and we are not going down the manual route. This calls for the Magisk method.

You’ll need the latest Magisk app and the boot.img that you can find in the images folder where you extracted the factory images to (not the old ones, we want the images matching your current install). Transfer both to your phone, install the app, go to Install → Select and patch file, patch the boot.img and transfer it back to your PC. (I can do that part for you if you are struggling, but I don’t have time right now)
Then it’s basically:

after that you should be able to use fastboot flashing unlock_critical :crossed_fingers:

2 Likes

Output from fastboot oem device-info:
(bootloader) Verity mode: true
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: false
OKAY [ 0.006s]
Finished. Total time: 0.008s

The phone boots fine into fpos.
I got an error at the beginning of the installation basically stating that it couldn’t do it because critical is locked.

I’m gonna have to wait until Sunday to try the Magisk method. I’ll give it a go then.

Alright then, that’s looking good, keep me posted :slightly_smiling_face:

Oh and don’t lock the critical partitions after the installation, there’s really no reason to if you are going to lock the bootloader anyway, that takes away the ability to mess with them (most custom ROMs just keep them unlocked).

1 Like

So I couldn’t figure out how to install Magisk after transferring to phone. So I installed it directly on the phone. Don’t know if that matters.
I transferred the boot.img to my phone. There were 2 Install options in the Magisk app. 1 beside Magisk and another beside Program. I chose Magisk, but I’m not sure this was the right one. I then chose the boot.img file and got a new .img file. I transferred this back to my pc.
I then booted into fastboot and put in the command for booting into Magisk. I get the following output:
Sending ‘boot.img’ (98304 KB) OKAY [ 2.251s]
Booting OKAY [ 10.116s]
Finished. Total time: 12.426s

The phone then booted into FPOS, and not Magisk. What did I do wrong?

You did nothing wrong, there’s no Magisk to boot into, all this does is give you root privileges so you can use the commands we need.

Just follow the instructions that come after fastboot boot path_to_boot.img now :slightly_smiling_face:
(In case you rebooted in the meantime you’ll have to use fastboot boot again to get into a rooted environment, that’s only temporary)

2 Likes

Good, cause I have no idea what I’m doing here. Looks like critical is unlocked again.

fastboot oem device-info output:
(bootloader) Verity mode: true
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: true
(bootloader) Charger screen enabled: false
OKAY [ 0.004s]
Finished. Total time: 0.005s

fastboot flashing get_unlock_ability output:
(bootloader) get_unlock_ability: 1
OKAY [ 0.001s]
Finished. Total time: 0.002s

Guess I should do this now:

  • Open the flash_fp4_factory.command file in the folder where you extracted the Fairphone factory images and change line 23 to REBOOT_TO_BOOTLOADER="true"
  • Get the new SHA256SUM for the script (sha256sum flash_fp4_factory.command if you are on Linux) and replace the one in the SHA256SUM file with it (last line)
  • Run the installation again and check fastboot flashing get_unlock_ability afterwards

I’m on Windows. Do I do the same but with the .bat file?

Awesome :clap:

The .bat is basically just calling the .command file IIRC (same as the .sh for Linux). Can’t check rn, not anywhere near a PC/proper internet.
Just open it up, there should be a reference to the .command file somewhere :slightly_smiling_face:

There’s no sha256sum on Windows but apparently there’s something similar (if you are using PowerShell), so Get-FileHash flash_fp4_factory.command | Format-List should get you what you need.

1 Like
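
The script edit and checksum refresh from the quoted steps, as an added example that is not part of the thread or of Fairphone's tooling. The function name is made up for this example; it assumes the variable starts its line in the script and that SHA256SUM uses the "<hash>  <file>" layout written by sha256sum.

```shell
#!/bin/sh
# Added example, not the Fairphone script: set the reboot flag and refresh
# the matching SHA256SUM entry so the installer's own check still passes.
# usage: patch_and_rehash /path/to/extracted-images flash_fp4_factory.command

patch_and_rehash() {   # $1 = folder with the extracted images, $2 = script name
    (
        cd "$1" || exit 1
        # Step 1: keep the phone in the bootloader after flashing.
        # Matching by variable name instead of line number is an assumption.
        sed 's/^REBOOT_TO_BOOTLOADER=.*/REBOOT_TO_BOOTLOADER="true"/' "$2" \
            > "$2.tmp" || exit 1
        cat "$2.tmp" > "$2" && rm -f "$2.tmp"   # cat keeps the file's mode bits
        # Step 2: replace the hash of this one entry, leave every other line alone.
        new=$(sha256sum "$2" | cut -d' ' -f1)
        awk -v f="$2" -v h="$new" \
            '{ n = $2; sub(/^\*/, "", n); if (n == f) print h "  " f; else print }' \
            SHA256SUM > SHA256SUM.tmp && mv SHA256SUM.tmp SHA256SUM
        # All listed files, the images included, must still verify.
        sha256sum -c SHA256SUM > /dev/null
    )
}
```

The final `sha256sum -c` also re-verifies the image files, so a corrupted download is caught before anything is flashed.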

Alright. So far so good. Ran the flash, and the phone booted into fastboot.
get_unlock_ability is still 1.
So for the locking, the guide (https://support.fairphone.com/hc/en-us/articles/10492476238865-Manage-the-Bootloader) says to first type fastboot flashing lock_critical, then fastboot flashing lock.
Is this the way I should do it? Or should I just do ‘fastboot flashing lock’?

Leave critical unlocked because 1) no need to lock it 2) locking it will trigger a data wipe and a reboot, if you don’t catch that in time you’ll end up with get_unlock_ability reset again.

3 Likes
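
A pre-lock check built on the two values this thread keeps returning to, as an added example that is not part of the original posts. The function names are made up for this example; the first two samples copy output posted above and the third is constructed.

```shell
#!/bin/sh
# Added example: refuse to lock unless the bootloader still allows unlocking.
# On a real device capture the text first (fastboot prints the "(bootloader)"
# lines on stderr, hence 2>&1):
#   info=$(fastboot oem device-info 2>&1)
#   abil=$(fastboot flashing get_unlock_ability 2>&1)

# Print the value of a "(bootloader) <key>: <value>" line, empty if absent.
bl_field() {   # $1 = captured output, $2 = key
    printf '%s\n' "$1" | sed -n "s/^(bootloader) $2: *//p" | tr -d '\r' | head -n 1
}

# Return 0 only when locking can still be undone afterwards.
lock_precheck() {   # $1 = device-info output, $2 = get_unlock_ability output
    _unl=$(bl_field "$1" "Device unlocked")
    _abl=$(bl_field "$2" "get_unlock_ability")
    if [ "$_unl" != "true" ]; then
        echo "bootloader is not reported as unlocked, nothing to lock" >&2
        return 2
    fi
    if [ "$_abl" != "1" ]; then
        echo "get_unlock_ability is '${_abl:-missing}': do not lock" >&2
        return 1
    fi
    echo "ok: run 'fastboot flashing lock' only, leave critical unlocked"
}

# Output as posted in the thread
SAMPLE_INFO='(bootloader) Verity mode: true
(bootloader) Device unlocked: true
(bootloader) Device critical unlocked: true
(bootloader) Charger screen enabled: false
OKAY [ 0.004s]'
SAMPLE_ABILITY_OK='(bootloader) get_unlock_ability: 1
OKAY [ 0.001s]'
# Constructed: what the value looks like after it has been reset
SAMPLE_ABILITY_RESET='(bootloader) get_unlock_ability: 0
OKAY [ 0.001s]'

lock_precheck "$SAMPLE_INFO" "$SAMPLE_ABILITY_OK"
```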

It worked! I tested one of the apps I previously couldn’t use, and it’s functional.
Thank you so much for helping me out with this! I was on the verge of just buying a new phone, but now I can hopefully use this one a good while longer. I would never have figured this stuff out on my own, so I really appreciate you taking the time to help me!

6 Likes