Dear Community,
I asked the official Fairphone Support whether the Fairphone 4 supports verified boot/secure boot with a custom (user-defined) key and they said ‘yes’.
This means that ROMs can install their own key which opens the path to more secure custom ROM experiences and automatic updates with a locked bootloader. As far as I know, the only other series of devices to allow this properly are the Google Pixel phones. As they are not available in many countries this makes the Fairphone 4 pretty unique and an exciting phone for custom ROM development.
My personal hope is that this might lure in privacy/security focused ROMs like CalyxOS or GrapheneOS to support the Fairphone 4.
This is their official responds:
As I understand it, your questions was:
Is it possible to have a functioning android verified boot by allowing the use of a custom key and a properly verified key during the boot process?
After investigating with the product team, the answer is:
Yes, installing a custom “avb_custom_key” onto Fairphone 4 and locking the bootloader again is possible.
FP4 will then verify the integrity of the custom image against the key in “avb_custom_key.”.However, after locking the bootloader, FP4 will still show a yellow warning message saying:
“Your device has loaded a different operating system.”. You can find more details here.