Maybe you would like to amend the title as the firmware, OS, software etc. is not locked, in the sense you cannot unlock it. It is only locked from the sense another person cannot install without your unlocking the GUI and then unlocking the bootloader.
So I don’t understand your problem, nor you assertions, just unlock the bootloader
Well, I can’t unlock it until I have asked Fairphone’s server for an unlock code, so in that sense it IS locked.
And even if I did request the code and unlock the bootloader, it appears I can’t do anything about the eFuses and the device potentially bricking itself. What security features are disabled by unlocking the bootloader? Can they be re-enabled after /e/os is installed?
I wanted to ask you, did you ever find a source for your suggestion that Google is notified when someone requests an unlock code?
Also, I notice that the “offline unlock code generator” script doesn’t work anymore, since they have changed the serial number format. Also, the code entry now requires internet access to contact Fairphone’s server (it fails with a “no internet connection” message if the phone is offline). I am curious as to why Fairphone are going to such lengths to track who is unlocking their bootloader.
I know this behaviour from LG for example, I even had to create an account for this. I think this is for warranty reasons, but I can’t make but wild guesses here.
The bootloader unlock process apparently disables “important security features” it but doesn’t specify what is being disabled or if it is possible to re-enable them. Can anyone give me more info about exactly what is being disabled?
If you unlock your bootloader, everyone with physical access to your phone can load a modified ROM on it, that’s most likely the “important security feature” which is getting disabled.
The anti-rollback feature should prevent that an older security patch level is applied to your phone and known breaches can be used to attack you. I never heard of eFuses in that context. I heard about them in combination with unlocking the bootloader, if I recall correctly for example Samsung with the Knox features. As far as I know, Fairphone doesn’t use such things to track if your bootloader was unlocked and I would be surprised if they did.
Mostly answered by 3, I think. In addition, you do not receive updates directly by Google. All updates are published by Fairphone.
If you still can, why don’t you send your phone back to Fairphone and buy one with e/os/ already installed on Murena website ?
I know it doesn’t answer your questions but it is a way to live without Google without having to unlock the bootloader
Not sure who you directed this at as I didn’t mention it, but your post follows/i.e. responds to mine. But as the default OS is Google certified it does make sense that they would want to know when you dump them as they are very insecure.
After unlocking the bootloader you likely won’t be able to run *some banking apps, some mobile device management apps (if you are going to use your Fairphone for work emails) won’t run and some other apps may have reduced functionality.
Regarding forced updates: There is nothing worse than an unpatched device roaming the internet. I’m responsible for the operation of a companies IT infrastructure and cybersecurity…the devices that rob me of sleep are not necessarily the ones updating automatically but the ones where for some reasons we can’t or won’t update.
I agree that to some extent your mistrust in Google is valid. On the other hand I want to be able to use my Fairphone for banking apps and agree that - in order to protect their systems - they require some security features. As those features could be circumvented with an unlocked bootloader…I understand why Fairphone delivers their phones with a locked bootloader.
* added the some as @AlphaElwedritsch demanded.
Please correct it to “some banking apps” because it’s not true what you are telling
Seems like unlocking and locking the bootloader after other os install, will brick the fairphone.
I installed some fairphones 4 with ubports in the past without problems.
But the last one i received is now bricked. Fairphone wants me to send to France for repair, costs 45 euro + transport. I will not do that, because it will brick again after install. Or there must be a tool to unbrick.
Fairphone must tell this on their website: other os install will brick the phone.
They do tell you and it might brick and might not brick.
Still everyone would appreciate they could fix the bug after 1.5 years.
that’s not true in general. The only critical point is relocking the bootloader. As repeatedly mentioned here in the forum, you should always check fastboot flashing get_unlock_ability before relocking the bootloader.
If the answer is 1, it should be possible to relock the bootloader.
If the answer is 0, you should not relock the bootloader.
AFAIK this happens when the the previously installed OS has a security patch that is newer than the OS currently installed.
But I also don’t understand why Fairphone doesn’t communicate this problem more openly or finally fix it. It is not at all ecologically justifiable how many devices have been bricked and rendered unusable due to this problem.
The only thing I have done is make a Paypal complaint (i have paid with paypal).
I have asked them to refund, or give a tool or howto to fix this.
Maybe this will speed up a solution.
Why should this speed up a bug fix?It will not change that your phone is bricked and that it con only be repaired in France. I guess you knew playing around with flashing other systems would void your warranty?
I will not pay for a bootloader bug to be fixed in France.
I guess that was the reason to void warranty.
Nope flashing another system voided your warranty not the bug itself.
The problem is, at least from my limited understanding at this point, that …
… so the rollback index should be cleared when you switch between locked / unlocked and vice versa. I’ve talked to a Calyx dev in the past, they didn’t get a response out of Fairphone either, and they agreed that it’s broken.
Now, when you switch between ROMs, you should start with a blank slate regarding rollback protection, but you don’t. That leads to it getting triggered if you install the wrong version and lock the bootloader.
Combine that with Fairphone probably resetting OEM unlocking on first boot (I know for a fact CalyxOS does), because that’s the state your phone is in when you buy it and that’s what you should get after installing factory images.
Wrong image + Android booted before locking = 
As I said, that’s from my limited understanding, so this might be completely wrong, but since after all this time no one at Fairphone has bothered to clear this up, that’s what I’m going with … 
Oh, and in my opinion they shouldn’t charge more than shipping to get bricked phones fixed, it’s a proprietary component, it’s on them to solve the issue.
But unfortunately because the Google bootloader for the Qualcomm Snapdragon uses eFuses on the chip to store this rollback index, it’s physically not possible to reset it, ever. The bootloader causes permanent damage to the CPU whenever an update is installed, by irreversibly blowing those fuses. Fairphone should never have used such a chip that bricks itself, or they should have used a bootloader that doesn’t blow / read them in the first place.
Really it’s up to ME which version of software I want to use on MY phone that I bought. It’s not a rented phone.
It would be great if they could make the phone “unbrickable” by allowing to boot from SD card to install an OS, like the Pinephone / Librem 5 does. Or indeed like any PC/Laptop does.
Only then could they truly say that they are saving phones from landfill.
Got any sources on that? 
The AvB specifications I linked above are directly by Google, and they specifically mention that the rollback index should be cleared.
Would be strange for Google to offer a bootloader that violates their own directive …
If you don’t lock your bootloader, none of this matters and you can install as many different operating systems as you want without bricking your phone.
The rollback index only comes into effect once the bootloader is locked.
As I understand it, It’s the same anti-rollback mechanism as used on Google phones since Pixel 6, which uses the eFuse feature of the Snapdragon SoC:
https://www.xda-developers.com/google-pixel-6-series-android-13-anti-rollback-bootloader-version/
The rollback protection on the Google Pixel 6, Pixel 6 Pro, and the Pixel 6a is materialized through electronic fuses (eFuses). An eFuse is like a write-once flash. Once you flip those bits by writing something into them, there’s no going back. After “blowing” an eFuse, it’ll stay written with that value forever.
That’s reassuring if this is true. However, what initially worried me was Murena’s website here:
https://doc.e.foundation/devices/FP4/install
(see “caution” section in red, and examples)
This section is after you have unlocked the bootloader. There is no mention of re-locking it in the steps up to that point. Yet they still warn that if the anti-rollback is triggered, you will brick your phone.
Well, if that’s the case, that really sucks, but it certainly would explain why it’s not working as it’s supposed to 
I’m gonna give Fairphone the benefit of the doubt here, never attribute to malice … etc., but if they don’t explain it / fix it, the outcome is basically the same.
You will, if you trigger it (and OEM unlocking is deactivated), but it’s not active unless you lock the bootloader and if you check fastboot flashing get_unlock_ability before locking it, you can usually unlock it again even if you triggered it.
Beware, that’s the case for the FP4, other phones might even check the rollback index in an unlocked state, it’s up to the manufacturer to decide.