Fairphone 4 locking bootloader after reverting from LineageOS20 to FPOS

Hello everyone,

I reverted from LineageOS20 to the original stock FPOS and would like to lock the bootloader again. I read in some post, that after having installed an OS with a higher security patch, it is impossible to relock the bootloader with an older security patch (as it is with LineageOS to FPOS). But it is also mentioned that you need to have a lock at the Unlock ability flag.

I’m a bit confused and can’t really get what I have to be aware of or must check before doing so. Could someone please tell if it is even possible and if yes, what I have to check before locking the bootlaoder again? I searched for this topic, but didn’t get any explicit or up-to-date information about this. Any links to relevant posts would be appreciated as well :slight_smile:

Thank you very much!
So, is there any chance that my phone will get bricked if I follow these steps, or is the warning, that the phone maybe get bricked outdated? :smiley:

If you make sure you still have get_unlock_ability before locking the bootloader the worst that can happen is your phone becoming unbootable and you having to unlock the bootloader again.

There are of course always things that can go wrong apart from that but it generally is quite safe (if you remember to check beforehand, can’t repeat that enough).

Do you happen to know the patchlevel you are currently on (not necessarily the platform security patch level you see in settings)? :thinking:

If you are indeed running a version that’s newer than the available FPOS factory images the only way get the phone locked and booting properly is by updating it via OTA updates. If you perform those via recovery get_unlock_ability shouldn’t be touched :crossed_fingers:

Otherwise (or if you prefer to run the updates through Android userland) you might want to think about using the Magisk method to set get_unlock_ability back to 1 afterwards, just to be safe.

Edit: So from what I can tell from BoardConfig.mk, version_util.mk, and version_defaults.mk, LOS does use platform security patch level for the rollback index, so you can check it under Settings → About phone → Android version.
(I don’t run / build LOS, so someone please correct me if that variable is set somewhere else)

In any case it’s probably safe to say that you won’t be able to lock the bootloader without performing OTA updates after flashing factory images, and depending on your current level you might even have to wait for the next OTA updates to be released.

1 Like

I already flashed the FPOS, but didn’t run the first initial setup or any updates. Recovery.log has a line “ro.vendor.build.security_patch=2023-08-05”.
Is this what you need to know? Or where can I check the current version after flashing FPOS?

I didn’t update LOS20 since beginning of December.

No, that’s the patch level the factory images have set, those are C.073 so definitely too old. We would need the SPL of the last LOS version you had installed.
I don’t know of a fastboot command to query the expected rollback index, funnily enough there’s one to clear it:

Not sure if anyone ever tried it :thinking:

Any chance that was before Lineage raised the SPL on December 11?
Otherwise you’ll have to wait a bit for Fairphone to catch up:

Possible, but I’m not sure. I better wait for the next FPOS update.

I couldn’t find anything regarding Fairphone 4 OTA sideload updates. Are those only available for FP3(+), or am I missing something?

Fairphone still doesn’t release them directly so someone has to post the link to the ota.zip file each time.
You need C.079 and C.087 so far.

The C.079 update seems to need FP4.SP2K as base version. So I flashed the FP4-SP2K factory image and tried to install C.079 via adb sideload, but I get the following error message:

Installing update…
Step 1/2
Error applying update: 7 (ErrorCode::kInstallDeviceOpenError)
E:Error in /sideload/package.zip (status 1)

Thank you very much for the help! :slight_smile:

FP4.SP2K.B.089 is the last A12 release, you want FP4.TP1V.C.073, the first A13 release directly before C.079 (and the newest factory images available).

Let’s see if the proper base fixes it, otherwise there’s always the Magisk method (performing OTAs normally, using root to set get_unlock_ability back to 1 afterwards) :slightly_smiling_face:

I tried it with the FP4.TP1V.C.073 factory image, but the linked C.079 update gave an error message, that said that the expected version is SP2K but installed is TP1V.

Interesting :thinking:
I didn’t have time extract the update link myself that time, so not sure what’s going on there. Might be that that’s the update for people on Orange France that had to skip C.073 and went straight to C.079.
Checking the metadata that seems to be the case, so we are missing that OTA update file :see_no_evil:

Honestly at this point I’d use the Magisk method.

But if you want to continue on the recovery route let’s figure out what’s going wrong. My first instinct would be issues during transfer or a faulty ota.zip. Please check the SHA256 of your C.079 file, mine’s 980d55ba91c32b38aa35b3f5049aa67c5debc5d6f02bb63c46e1a30ac96a44d3.
Could also be a problem with the recovery directly but since you reflashed with factory images I would expect stock recovery to be able to deal with stock OTA files …

Oh and for good measure, what’s the output of fastboot oem device-info currently?

Edit: C.095 got released which finally brings FPOS up to the December patch level, so whatever you were running before you should be fine now (still, don’t forget to check get_unlock_ability) :slightly_smiling_face:

2 Likes

I flashed the FP4-TP25-factory image and was able to lock the bootloader!

The device is booting normally :slight_smile:

Thank you very much for the help and all explanations!

2 Likes