Is it safe to lock bootloader?


Thank you for your reply. Yes the system rebooted after locking critical (that’s when the unlock ability switched to 0 , I’m afraid).

Is there a way to check the installed security patches?

What would be the correct way to lock my bootloader again? Wait for an OTA update from FP and then lock the bootloader?

Kind regards,

Be careful with your advise based on half knowledge. There are plenty of examples of bricked phones and warnings like these should not be ignored.

1 Like

Dear Toos,

Now |fastboot flashing get_unlock_ability| returns 0 and the
bootloader is still unlocked.

As far as I know it the result is 0 then you can’t lock the bootloader.
Because there are reports on the forum that it will brick your phone.
I am sorry, but that’s all I know.

I see here that rooting the phone and manually changing the toggle of OEM unlocking could be a possibility to, at least, unlock the ciritcal partitions again. But I would rather not go down that route if there are more convenient options available. However I have found none.

1 Like

You are mixing a lot words here, so be careful and do some reading before flashing although I doubt GrapheneOS will ever be available for FP4 or 5 (however that is not the topic here).


So once bootet into the system thats normal…to avoid issues def re-flash-dont boot-check get unlock ability is still 1. if so you should be safe to lock, if still 0 dont lock and wait for next OTA


Okay thank you for your reply! I will wait for the OTA update then.

I guess because the bootloader is still unlocked I need to sideload it? Do you know if that is possible with the critical partitions locked?
And after the OTA is installed I should be able to lock my bootloader again without risk of bricking, right?

Sorry for all the questions, and thanks for helping out.


I have never done it on my own on FP4 or 5 and always kept my bootloader unlocked on thr FP3. From reading especially about the FP4 it seems easiest would be to re-flash using fastboot now, check-lock when there is a way from keeping the phone booting into system after locking critical… In the past with the FP2 this was possible, just by using the button combination durectky after stating reboot from the terminal.

@hirnsushi I know you dont have a FP5 do you still have some tipps probably?

As Iode is not that fast in providing security patches I assume the security patch level you had is not higher, latest FPOS is on, so overall probably quite safw to not brick, however no one can ever give you a 100% guarantee

Yeah I’m quite hesitant, as IodéOS 4.10 was just released which included security patches from LineageOS 21 (I think), which are newer than the current FP5 release. Thanks for your thoughts though.

Yes true 4.10 most likely had the Feb security update already…then ypu have to wait for the FPOS Feb security update and go from there…

I’m not sure where exactly iodé keeps their different FP5 branches, there’s only staging and according to that the last security bump was in November, which doesn’t seem right :thinking:
But then again the FP4 4.10 branch also seems to only have the November update (C.79), quite outdated if that’s the case …

My advice, ask in the iodéOS channels what security patch level they ship in 4.10 for the FP5 and compare it to the patch level shown in the FPOS release notes for the latest factory images available, which is the latest release anyway at the moment.

4.9 def had Jan 24…

1 Like

In that case I have no idea where their sources are for that change :man_shrugging:

They use the Lineage route of setting the rollback index to the platform patch level (the patches coming from Google basically) it seems so you are stuck for the moment (if 4.10 shipped February), yeah.
Calyx switched that to the vendor patch level (Fairphone’s patches) so you don’t end up in that kind of situation. Someone might want to suggest that to them :slightly_smiling_face:


4.10 looks like this in the OS …


Thanks for your help guys, I’ll just wait it out then :expressionless:


it’s not safe, unless you are really careful and know, what you do. this is a just a heads up to everyone from someone, who bricked his phone following the official rollback tutorial from fairphone because a warning there is missing, that you should boot into fairphone os first and lock the bootloader from the developer options. i was not on a 3rd party os anymore, so the other warnings in this tutorial should not apply to me and boom - i locked myself out with fastboot locking. sending the phone in, paying the fee all around a planned vacation where i needed this phone.

i do not want tot complain too much, one needs to be careful. but this phenomenon would be totally avoidable imho by a better warning on the page - maybe fairphone team can improve this? even the official android documentation (did read it later, after the incident) explains it better.

1 Like

Def do not!!! boot first in the system and you cannot lock the bootloader from developer settings.

Flash-dont boot into the system-check get unlock ability is 1- lock-boot is the correct way

1 Like

thanks for the correction @yvmuell , though i don’t understand it fully the way you describe. it’s not in the rollback tutorial either, where does one find the correct commands in the right order?
i am not sure if i ever will lock my bootloader again (device theft is not my biggest fear) when i get my fairphone back debricked. but a detailed explaination or more details in the tutorial would definitely help, i believe.

Yes the Fairphone tutorial is not good or complete.

Those information is spread over the forum in various topics

I personally would also not lock my bootloader.

1 Like

Update: got an OTA update, installed it without problems. Made sure this was the right security patch level and was able to lock the bootloader again.