FP3 locking bootloader with Magisk? [solved]

Help Fairphone 3
, , , , ,
1

GOALS

I have the goal of running a few authentication apps on Lineage OS (danish MitID and its french equivalent - upcoming).

But MitID does not agree to anything but Google approved OS, meaning it is not happy with Lineage, no matter if I have root or not and locked bootloader. Yes I did run the phone on LOS for a year with the bootloader locked.

WHAT I DID WHICH RUNS FINE

I just did a fresh (re)install of Lineage OS 20 on my FP3, to be safe and sure (anyway, it was needed - I followed Lineage wiki instructions). All working nice and sweet, no trouble.

Upon that, I install Magisk properly and gain root power (attested by root checker). Finally, SafetyNet checker tells me to lock the bootloader again. That was expected (I think it’s about the CITS thing ?).

THE FAILURE

When I lock the bootloader (following those instructions : https://support.fairphone.com/hc/en-us/articles/360048646311-FP3-Manage-the-bootloader ), the device goes lock and tells me that “the device is corrupt and won’t boot”.

I can actually boot by restarting in fastboot mode, and making sure the bootloader is unlock. Obviously, each time it resets the phone - erasing the few settings I put in place to check functionalities.

Notice that trying to lock the bootloader first (just after LOS setup and checking everything is in order), before Magisk install, will also give out that “device is corrupt” message.

At the time of writing, I use the phone with unlock bootloader, LOS and Magisk installed and rooted. You can ask questions or make comments (yes please, do comment…)

QUESTIONS

Now comes the questions:

  • What do I do wrong when relocking the bootloader ? Why could I do it one year ago and not anymore ? Do some of you relock it correctly ?
  • Is there a better way to achieve my goal (auth app requireing safetynet super clean running on LOS) ?
  • Are there up-to-date tutorials to follow to achieve said goals (I can install LOS + magisk, after that, I don’t know yet) ?
  • If you have tutorials, do you mind giving the link ? (Because the ones I followed were not successfull as you can read)

Thank you for your help.

2

Just reading the subject line: you cant lock the bootloader as long you are rooted (Magisk).

1 Like
3

ok, thanks for your answer.

Then, how come I read some people manage to run some apps with safetynet requirements on LOS ?

4

I found those thread to help with my goals.

https://www.reddit.com/r/Denmark/comments/up098c/guidemitid_pĂĄ_android_med_rootmagisk/

5
  • LineageOS does not support relocking.
  • You cannot relock with verified boot with flashed-on-top root solution, it must be compiled into the system image.
  • Relocking won’t fix SafetyNet.

Also:

  • Root bad.
  • Unlocked bootloader bad.
6

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.