Thank you for the detailed testing and feedback.
The updater will always show the latest update.
Seedvault requires the first backup to be initiated manually. The best no cloud option for backup is any old flash drive with an adapter and works well. Plug it in once a week, wait 10 minutes, and you have a nice backup.
bootloader relocking
Verified boot is indeed not enforced until the system is locked.
Thank you for the tip I did successfully backup on an USB-C external drive with SeedVault.
Now on the bootloader relocking front I did the following
fastboot erase avb_custom_key >> finished
fastboot flash avb_custom_key avb_pkmd-fp4.bin >> finished
My FP4 status is following
At boot I get a warning about an unlocked bootloader
At the bottom of the bootloader menu is written in red “DEVICE STATE - unlocked”
In developper options the item “OEM Unlocking” is greyed on the off position and not modifiable; under it is written “Bootloader already unlocked”
fastboot flashing get_unlock_ability = 0
I would prefer a locked bootloader than an unlocked bootloader.
Even though I would still prefer an unlocked bootloader than a FairBrick.
I am not an advanced user and would appreciate some insight for my decision making.
I understand that in the end the responsability is only mine.
In the meantime I will read the FairBrick cemetery thread.
As long as
get unlock ability is 0
I wont lock the bootloader, unless there is proof that divest would not brick the phone under no circumstance (unlike all other OSes)…
Thank you for your advice ymuell; it is indeed something I was thinking I had read.
Is there a way to turn it to 1 ?
Also on DivestOS installation guide; before relocking bootloader; there is a warning that say
“On A/B systems firmware in both slots must be in sync/latest! Or else next installed update might be unbootable, and potentially brick.”
Is there a way to know if this condition is satisfied?
I would also not dare to lock the bootloader. On the other hand, if it is already unlocked, isn’t it logical that the unlockability is 0? If already unlocked, it can’t be unlocked any more.
My understanding is, the system should still let the unlockability (OEM unlocking in the developer settings) untouched and 1=enabled till I go back in the developer settings and disable it. When its 0 and something happens you cant enable OEM unlocking again, because its greyed out and thus you cant unlock again, your phone is bricked and only FP can fix.
Please see this and following and this was not fixed yet by FP and so far flashing of any OS (even FPOS) can brick your phone. So therefore if its 0 I personally would stay safe and dont lock the bootloader, unless I’m fine with the hassle to send it in to repair center.
This is a very confusing issue. Someone with a deeper understanding should compile a table under which conditions a lock/unlock/relock is safe. I’ve been following the linked thread, but I am still not sure what my combination means:
I have flashed CalyxOS, re-locked.
Now the OEM unlocking option is grayed out and my unlockability=0.
That would mean I am stuck with CalyxOS for all eternity? Even if they stop support at some point?
So if I wanted to try DivestOS now, I would still be stuck with CalyxOS?
But I think we should discuss this topic elsewhere and not hijack the DivestOS thread (of course the hijacking was started by me) 
Thank you for reacting. I have made the suggested reading.
I am currently writing from a working DivestOS FP4 that I would like to stay with. However it would seem to be likely that attempting to relock my bootloader at that point would result in a FairBrick even though I did not find a report of it yet with DivestOS.
When it comes to computing and trying fancy stuff on a linux system I am usually not a lucky bird and that is starting to pile arguments against flashing lock.
Which is in contradiction with the fact of installing a security oriented OS. The problem seem to be FP4 related since other people have ended up in the same situation with other OS.
Maybe I should try my luck with CalyxOS and the lottery will grant me a get_unlock_ability=1 ? Alternatively forum member Hirnushi proposed a method to get_unlock_ability from 0 to 1 using a “patched boot.img” and magisk and another forum member reported a successful lock after following it.
Dear fairphone community I am writing to you in what could be the last message from the living time of my beloved fairphone because in a few minutes I will attempt to relock my bootloader and it might very well result in it getting stuck in some other dimension.
I do this after having followed through the steps of forum members cosmic along the method given by forum member Hirnushi which I must precise was not easy and had specificity regarding DivestOS although eventually I managed to reset get_unlock_ability from 0 to 1 and put the OEM unlock toggle from OFF to ON
EDIT
I have commanded fastboot flashing lock_critical and fastboot flashing_lock and my phone sucesfully booted again into divestOS and also I have sucessfully rebooted two times.
However do not consider that it is possible to relock the FP4 bootloader out of the box after installing DivestOS because chances are that it will result in a Fair Brick.
The steps I followed require to extract a boot.img from the payload.bin file in divestOS zip file.
To do this I used https://forum.xda-developers.com/t/tutorial-android-ota-payload-dumper-on-android.4061799/
Then patch boot.img with Magisk following Hirnushi’s method described on posts 100 to 120 on the topic
https://forum.fairphone.com/t/trapped-in-fastboot-mode-with-locked-bootloader-and-corrupted-custom-rom/80985/117
Additional interesting reading
https://topjohnwu.github.io/Magisk/install.html
Check before attempting to lock that fastboot flashing get_unlock_ability = 1 and the toggle in developper option named OEM unlock must be on the position ON
After issuing flashing lock my device has rebooted 2 times and showed a message saying approximatively
“Your device has loaded a different operating system
Press power key to pause boot
Visit folllwing link with another device g.co/ABH”
Followed by 4-5 lines of Random numbers
And now I do not have the message about unlocked bootloader anymore; The message I showed previously appears at boot instead and I do not know what it means exactly and if it also shows on other OSs with locked bootloaders.
Also I do not know after having used magisk and messed around the system wether Android Verified Boot is implemented or not. Should someone know how to test it or enlighten me why it might or might not have been broken I might be interested.
SeedVault efficiently restored my app and files after relocking.
Forum members Hirnushi and Cosmic should be credited for inventing and pioneering the method presented here and SkewedZeppelin for an awesome OS and invaluable personalised support here and in the community of DivestOS
Fairphone 4 seems to be missing from the DivestOS device list now.
Did something change or am I blind?
@AvidAlbatross
A new update is in the progress of uploading on my very slow Internet connection.
Old builds are temporarily listed here: https://divestos.org/builds/old/old.txt
Ah, makes sense. Just wondered if there was an issue or something meaning FP4 isn’t supported anymore
There is no issue it is all good after two OTA updates. The only app having issues are those that were selling my private data and I soon found workarounds for enough of them for my Fairphone to be fully usable. Use FOSS counterpart; use app in browser; use original app that seem to require google play services even though it works without anyway; all good for privacy and freedom with DivestOS
Did you lock the bootloader after installing?
Edit: it seems you did! I don’t think I’m gonna risk it though
Hello
Yes my bootloader is locked.
After 6 weeks and three OTA updates it works well. There is a focus on privacy and security. Apparently FP firmware is now included. Only messanging application Signal drains so much battery without google services that it is arguably unusable. I have nothing else to declare apart from an efficient and available support on XMPP
Experimental A13 based builds are now available for FP4: News - DivestOS Mobile
Reported working so far, albeit with some hiccups of two random reboots noted.
I don’t have a Fairphone myself to personally test with.
Calyx has released their device flasher now. I’m just wondering if there’s any way of making the device flasher flash Divest OS instead? Has anyone tried it?
Can it lock the bootloader safely if you use Divest OS?
Hello
I have updated my DivestOS FP4 to A13 last week and it works as before without any random reboot so far.
I have the same message on the FP3 I use, an also on my old Pixel2 XL. Can this message be ignored? Or is there a way to remove this message?