Divest OS: Everything about Divest OS on the Fairphones

adb is only accessible when the system is booted and usb debugging is enabled OR when booted to recovery and “apply update via sideload” is chosen.

The USB debug option has zero impact on whether or not you can sideload via recovery.

adb is not accessible when in fastboot/bootloader mode.

for FP4 all you need to do is reboot to bootloader, fastboot flash recovery recovery.img, reboot to recovery, choose apply update, adb sideload update.zip, verify success at 94%, format data, reboot into DivestOS.

Is it not strange that I sucessfully flashed DivestOS recovery without adb recognizing my device in bootloader menu?

That isn’t strange at all because recovery is flashed via fastboot and not adb.

2 Likes

So now I got myself inside the “Apply update” section of recovery and there adb worked indeed.

So as per step 8 of the installation guidelines I was following on your exellent website Bootloader - DivestOS Mobile
I ran adb sideload copy-partitions-fp4-release.zip
Then I saw a terminal scrolling on the FP4 without obvious error message and it ended by “OK”

Then as per step 9 I ran adb sideload divested-19.1-20220808-dos-FP4.zip
My linux terminal ran to 100% without error
My fairphone terminal showed

Finding update package…
Verifying update package…
Update package verification took 45.3 s (result 0).
Installing update…
E: logical partitions ar mapped. Please reboot recovery before installing an OTA update.

Then I hit the “back” button to get back to recovery and perform a factory reset
A this precise moment my fairphone’s terminal displayed

Install completed with status 1.
Installation aborted.

I performed the factory reset and my FP4 eventually answered “Data wipe complete”

Then I hit the button in recovery to reboot the system now and got a scary answer from my Fairphone written in scary color orange

Version 19.1 (20220808)
Active slot: b
WARNING: Previous installation has failed.
Your device mail failed to boot if you reboot now.
Confirm reboot?

I confirmed and it rebooted into… FPOS !?

Edit
I got again into recovery and apply update and ran adb sideload divested-19.1-20220808-dos-FP4.zip
My linux console ran to 100% and end up showing “Total xfer: 2.00x” and my Fairphone terminal displayed
“Step 1/2
Step 2/2”

Then I performed a factory reset and format data and rebooted the system.
Then it booted into DivestOS :grinning:

I did another factory reset with data format for testing and could boot again in DivestOS.

Then I tested functionality during my day-to-day activities and found the following functions to be comparable with what I had previously observed with FPOS

Mobile DATA
Send and receive phone call
GPS
Wi-Fi
Wi-Fi thethering
Listening music through bluetooth
Selfie camera for pictures and video recording with sound
Speakers
Touchscreen
Display
Buttons
Torch
USB charge and data transfer

I found the following functions to differ from what I had previously observed under FPOS

Send and receive SMS ------ It looks like I do not receive neither notification nor vibration nor sound alert for SMS and have to manually look for them which does not bother me much since 2FA is almost my only use for them and I do receive notifications and vibrations for WhatsApp and Signal messages

Main camera for pictures and video recording does work normally for my use which is basic; however I did not notice an option to use wide angle camera like on FPOS. Here I show a photo taken with my main camera under DivestOS with default camera application and default settings exept that I selected a 16:9 format instead of 4:3; it has been somewhat compressed in the upload process and originally has a better definition.

Then I got myself in the setting menu and looked for update; there was an update available named divestos-19.1 which looked strange because it was supposed to be the version I had installed however I installed it anyway and rebooted exactly in the same system.

Then I decided to try the backup software SeedVault. It proposed me to backup to nextcloud however I had no server to do it so I chose to back up locally even though the software advised against it because if my phone broke it could do nothing to save itself. In the backup options there was an item “Backup status” which was set to “never” and when I tap on it I see a list of settings and apps which are supposed to be backed up however under each is writtent something like “Waiting for backup” with an orange triangle at their right. So far I would say that SeedVault failed to make a proper backup of my system.

My opinion overall is that I can use this OS which is neat and fits my needs; it is based on android 12 and boasts good privacy compared to others and also hardened security although from what I understand to take security benefit would imply a bootloader relocking which I am currently asking myself whether I should try it or not.

3 Likes

@Sliwki

Thank you for the detailed testing and feedback.

The updater will always show the latest update.
Seedvault requires the first backup to be initiated manually. The best no cloud option for backup is any old flash drive with an adapter and works well. Plug it in once a week, wait 10 minutes, and you have a nice backup.

bootloader relocking

Verified boot is indeed not enforced until the system is locked.

Thank you for the tip I did successfully backup on an USB-C external drive with SeedVault.

Now on the bootloader relocking front I did the following

fastboot erase avb_custom_key >> finished
fastboot flash avb_custom_key avb_pkmd-fp4.bin >> finished

My FP4 status is following
At boot I get a warning about an unlocked bootloader
At the bottom of the bootloader menu is written in red “DEVICE STATE - unlocked”
In developper options the item “OEM Unlocking” is greyed on the off position and not modifiable; under it is written “Bootloader already unlocked”

fastboot flashing get_unlock_ability = 0

I would prefer a locked bootloader than an unlocked bootloader.
Even though I would still prefer an unlocked bootloader than a FairBrick.
I am not an advanced user and would appreciate some insight for my decision making.
I understand that in the end the responsability is only mine.
In the meantime I will read the FairBrick cemetery thread.

As long as

get unlock ability is 0

I wont lock the bootloader, unless there is proof that divest would not brick the phone under no circumstance (unlike all other OSes)…

4 Likes

Thank you for your advice ymuell; it is indeed something I was thinking I had read.
Is there a way to turn it to 1 ?

Also on DivestOS installation guide; before relocking bootloader; there is a warning that say

“On A/B systems firmware in both slots must be in sync/latest! Or else next installed update might be unbootable, and potentially brick.”

Is there a way to know if this condition is satisfied?

I would also not dare to lock the bootloader. On the other hand, if it is already unlocked, isn’t it logical that the unlockability is 0? If already unlocked, it can’t be unlocked any more.

My understanding is, the system should still let the unlockability (OEM unlocking in the developer settings) untouched and 1=enabled till I go back in the developer settings and disable it. When its 0 and something happens you cant enable OEM unlocking again, because its greyed out and thus you cant unlock again, your phone is bricked and only FP can fix.

Please see this and following and this was not fixed yet by FP and so far flashing of any OS (even FPOS) can brick your phone. So therefore if its 0 I personally would stay safe and dont lock the bootloader, unless I’m fine with the hassle to send it in to repair center.

2 Likes

This is a very confusing issue. Someone with a deeper understanding should compile a table under which conditions a lock/unlock/relock is safe. I’ve been following the linked thread, but I am still not sure what my combination means:
I have flashed CalyxOS, re-locked.
Now the OEM unlocking option is grayed out and my unlockability=0.
That would mean I am stuck with CalyxOS for all eternity? Even if they stop support at some point?
So if I wanted to try DivestOS now, I would still be stuck with CalyxOS?

But I think we should discuss this topic elsewhere and not hijack the DivestOS thread (of course the hijacking was started by me) :wink:

Responded in the other topic

Thank you for reacting. I have made the suggested reading.
I am currently writing from a working DivestOS FP4 that I would like to stay with. However it would seem to be likely that attempting to relock my bootloader at that point would result in a FairBrick even though I did not find a report of it yet with DivestOS.
When it comes to computing and trying fancy stuff on a linux system I am usually not a lucky bird and that is starting to pile arguments against flashing lock.
Which is in contradiction with the fact of installing a security oriented OS. The problem seem to be FP4 related since other people have ended up in the same situation with other OS.

Maybe I should try my luck with CalyxOS and the lottery will grant me a get_unlock_ability=1 ? Alternatively forum member Hirnushi proposed a method to get_unlock_ability from 0 to 1 using a “patched boot.img” and magisk and another forum member reported a successful lock after following it.

1 Like

Dear fairphone community I am writing to you in what could be the last message from the living time of my beloved fairphone because in a few minutes I will attempt to relock my bootloader and it might very well result in it getting stuck in some other dimension.

I do this after having followed through the steps of forum members cosmic along the method given by forum member Hirnushi which I must precise was not easy and had specificity regarding DivestOS although eventually I managed to reset get_unlock_ability from 0 to 1 and put the OEM unlock toggle from OFF to ON

EDIT

I have commanded fastboot flashing lock_critical and fastboot flashing_lock and my phone sucesfully booted again into divestOS and also I have sucessfully rebooted two times.
However do not consider that it is possible to relock the FP4 bootloader out of the box after installing DivestOS because chances are that it will result in a Fair Brick.

The steps I followed require to extract a boot.img from the payload.bin file in divestOS zip file.
To do this I used [Tutorial] Android OTA payload dumper on Android | XDA Forums

Then patch boot.img with Magisk following Hirnushi’s method described on posts 100 to 120 on the topic

Additional interesting reading

Check before attempting to lock that fastboot flashing get_unlock_ability = 1 and the toggle in developper option named OEM unlock must be on the position ON

After issuing flashing lock my device has rebooted 2 times and showed a message saying approximatively

“Your device has loaded a different operating system
Press power key to pause boot
Visit folllwing link with another device Understand warning about operating system safety - Android Help
Followed by 4-5 lines of Random numbers

And now I do not have the message about unlocked bootloader anymore; The message I showed previously appears at boot instead and I do not know what it means exactly and if it also shows on other OSs with locked bootloaders.

Also I do not know after having used magisk and messed around the system wether Android Verified Boot is implemented or not. Should someone know how to test it or enlighten me why it might or might not have been broken I might be interested.

SeedVault efficiently restored my app and files after relocking.

Forum members Hirnushi and Cosmic should be credited for inventing and pioneering the method presented here and SkewedZeppelin for an awesome OS and invaluable personalised support here and in the community of DivestOS

2 Likes

Fairphone 4 seems to be missing from the DivestOS device list now.

Did something change or am I blind?

@AvidAlbatross
A new update is in the progress of uploading on my very slow Internet connection.

Old builds are temporarily listed here: https://divestos.org/builds/old/old.txt

6 Likes

Ah, makes sense. Just wondered if there was an issue or something meaning FP4 isn’t supported anymore

There is no issue it is all good after two OTA updates. The only app having issues are those that were selling my private data and I soon found workarounds for enough of them for my Fairphone to be fully usable. Use FOSS counterpart; use app in browser; use original app that seem to require google play services even though it works without anyway; all good for privacy and freedom with DivestOS

2 Likes

Did you lock the bootloader after installing?

Edit: it seems you did! I don’t think I’m gonna risk it though

Hello
Yes my bootloader is locked.
After 6 weeks and three OTA updates it works well. There is a focus on privacy and security. Apparently FP firmware is now included. Only messanging application Signal drains so much battery without google services that it is arguably unusable. I have nothing else to declare apart from an efficient and available support on XMPP

1 Like

Experimental A13 based builds are now available for FP4: News - DivestOS Mobile

Reported working so far, albeit with some hiccups of two random reboots noted.
I don’t have a Fairphone myself to personally test with.

2 Likes

Calyx has released their device flasher now. I’m just wondering if there’s any way of making the device flasher flash Divest OS instead? Has anyone tried it?

Can it lock the bootloader safely if you use Divest OS?