I picked up lots of tips and advice around this topic on the Fairphone and iodé community forums which so far has enabled safe flashing of my FP4. I’ve also posted this topic on the iodé forum.
After installing iodé 4.1-20230401 fastboot zip (all very good) I want to go back to stock FPOS. I downloaded version FP4.SP21.B.048 from their manual installation instructions webpage.
Phone automatically rebooted to the welcome screen at the end of flashing.
Security patch Level of iodé is March, FPOS is February. Checking fastboot flashing get_unlock_ability =0.
I removed reboot from the flashing script and edited the shasums file in order to flash again without reboot at the end.
Before flashing I erased the iodé avb_custom_key.
Checked the unlock_ability before rebooting, still=0.
Updating OTA to SP25.B.058 with March security patch makes no difference. The phone boots into FPOS ok but unlock_ability =0.
I’m now hoping Fairphone will make full factory image available on their Manual Installation page sometime soon and I’ll give that a try.
Is it possible to go back to stock and relock? Has anyone done it?
It is possible, I have a FP3+, but I’m pretty sure that you can do it. Only thing you have to leave the bootloader unlocked untill the security patch of FairphoneOS is equal or newer that the iodé as specified on the support page:
" * If you install an OS with an older security patch level than your previous OS, Android’s roll-back protection might brick your device when locking the bootloader! Wait until you get a software update with the same or newer security patch level before locking the bootloader."
P.S. I have recently relocked my bootloader, but I have taken it unlocked for over one year.
Thanks for replying. It’s updated to March (latest ) security patch, which is equal to iodé.
And thanks for the link; I knew I had read those words somewhere on the website but couldn’t find them when I was looking earlier!
What I don’t know is if the full factory image of the latest update will change things. When and if it eventually becomes available for download.
So maybe it needs another update with the April patch. Who knows?
You’ll need newer factory images, once you had a ROM with a higher SPL installed you can’t go back.
There is a way to enable get_unlock_ability again by temporarily booting a Magisk
boot.img and enabling it.
So in theory you could install the old images, OTA update to the latest version, re-enable get_unlock_ability, and lock it.
I would however recommend waiting for new images. It’s been an while since the other method has been used and with the lack of testing I wouldn’t consider it brick-safe.
That’s interesting, thanks. I’ve had another read the big topic and especially your post about this workaround. If I was planning to keep the phone it would be a potential fix, but I’m not. Seems there’s a risk that the OEM toggle is disabled in the off position after fixing also.
I’ll hurry up and wait.
I’m happy to report that this worked to lock the phone with stock FPOS.
Since writing the previous posts I had flashed stock android 11 and updated OTA to android 12, B058,March security patch.
My thoughts around this were that the phone had March security patch both on stock and the prior installation of iodé OS; so according to current guidelines that should make it OK for locking.
My confidence was bolstered when it came to toggling OEM unlocking to ON because there was a pop-up asking to Input verify code like it did the first time of unlocking.
After another reboot and a factory reset; the toggle stayed ON.
I checked get_unlock ability = 1 at every opportunity before and during taking the final steps of locking critical and locking bootloader.
That was followed by a normal reboot and toggling OEM to OFF - where a pop-up asks for a restart to enable security feature
So that’s it, back to normal Fairphone. thanks again @hirnsushi for all the info posted over the forum on this issue.