English

Official LineageOS 17.1 for Fairphone 3/Fairphone 3+

The exfat driver is included with the kernel. I remember that you asked for it. :laughing:

2 Likes

Great! Thanks. Didn’t know whether you got the time to include it already… Time to migrate the data again:-)

With k9 i have a strange flickering when it displays a mail. Not always, and not immediately, but after the third mail or so the frames on top and bottom flicker for some time, then it’s gone. Like some updating of the display. Haven’t seen it anywhere else up to now

Yes, that should be technically possible if LOS provides an appropriate vbmeta partition that is signed using google test-keys (Just like the e-folks do).

AFAIK having secure-boot disabled “just” disables the verification of the sbl, which will however still verify the rest of the boot-chain.

Thanks, that helps!

How can I check if it is signed using google test-keys?
Is this a reliable way:

avbtool.py info_image --image vbmeta.img
Minimum libavb version: 1.0
Header Block: 256 bytes
Authentication Block: 576 bytes
Auxiliary Block: 2432 bytes
Public key (sha1): 2597c218aae470a130f61162feaae70afd97f011
Algorithm: SHA256_RSA4096
Rollback Index: 0
Flags: 1
Rollback Index Location: 0
Release String: ‘avbtool 1.1.0’

It seems that ‘2597c218aae470a130f61162feaae70afd97f011’ is indeed indicating a google test key [1], however I am a bit doubtful, as basically every image I tested seems to use that key, including the official Fairphone image…

I guess I should simply bite the bullet and try it, but I am trying to avoid bricking my phone (or needing to resort to complex unbricking procedures) :slight_smile:

[1] https://android.googlesource.com/platform/external/avb/+/5abd6bc2578968d24406d834471adfd995a0c2e9/test/avb_slot_verify_unittest.cc

Yes, fairphone also use the google test-keys AFAIK.
I’d say backup your data and give it a go.
Worst case you’ll have to unlock it again.

If I decided to drop my data partition and if I am on LOS 17.1 GSI, would I have to flash a stock Android 9 first or could I just flash your ROM?

Just to be sure: after flashing the first build, I went to the settings to encrypt the device, but apparently it was already encrypted. Is this on by default for the FP3 image?

(PS: I updated to the second build today, it took a while, but went smoothly and looks good so far!)

It worked!

I relocked the bootloader (fastboot flashing lock), it automatically wiped my user data, and booted successfully! Also, after restoring my data, I was able to upgrade from last-week’s release to the new release of today - all without problems.

Now, this does raise a lot of security questions though. I did not realize that LineageOS, /e/ and even Fairphone where all signing their builds with google test keys - essentially rendering the OS build integrity checks meaningless… I guess in fact that means that it doesnt really matter which keys are being used, as they are simply not checked? Any key would be accepted?

That being said, I am happy that my bootloader is now locked.

Next steps:
(1) See if I can sign the builds with my own keys, and have those keys checked (using avb_custom_key, as GrapheneOS does). With secure-boot disabled, that still has its problems, but at first sight seems another small improvement.
(2) I would also like to get rid of these userdebug builds, and instead build a ‘user’ build - again improving security. See also [1].
(3) Ideally, I would be able to burn the PK HASH with my own keys, which might allow me to enable secure-boot - but that will require a lot more reading :slight_smile:

If anyone has any pointers to help work toward that, let me know!

[1] https://madaidans-insecurities.github.io/android.html#custom-roms

3 Likes

Hello,
Thank you again for your work, that’s amazing.
I can confirm that this version does not support the new camera modules. That was expected but I still wanted to try.

2020-11-24 15:29:22.070 13100-13127/com.google.android.GoogleCamera E/CamDeviceVerify: Camera Manager reconnect failed, or there are no cameras on this device.
2020-11-24 15:29:22.078 13100-13100/com.google.android.GoogleCamera E/AndroidRuntime: FATAL EXCEPTION: main
    Process: com.google.android.GoogleCamera, PID: 13100
    java.lang.IllegalStateException: No Cameras are currently available.

I’ll come back for LOS 17.1 when the new modules will be compatible :wink:

Tried to update via ota today. Phone did boot but then screen dark and hard reset. First idea was problems with gapps or magisk. In the end and lot of tries reinstalling old and current los via twrp i identified the sd card. As formatting via phone used fat i used my Linux system to format the sd card with exfat. Looks like an error… Back to phone formatted sd card now.
Interestingly, i lost lots of permissions which have to be regranted…

1 Like

Anyone else having issues using OTA updates from 12th November (662MB) since it is available? I have tried it several times during the last weeks but it always fails either while installing or rebooting (mostly the former). I simply dont know what to do, but probably have to reset everything.

See my post above. I ended installing via twrp/fastboot. But i did not lose my data

I kinda dont want to, because I had to reconfigure everything when changing from unofficial to official as well, even thought I followed the instructions.
I cant even get it to reboot after the update. And I wanted to file this issues so they might have an eye on that. I had to reconfigure everything so often by now, I just wanna keep using my phone instead of reconfigureing everything every few weeks.

This i can understand! And yes, as stated before, ota didn’t work for me, either, so this should stand.
But still there should no need to do the configuration anew. I did not have to, neither going from unofficial to official, nor for updating, even though it was quite adventurous (sp?). So maybe there’s still something else going on in your phone.
Do you have microg, gapps, magisk, anything?

MicroG only. Yeah updating to official was weird, because everything worked fine and after that it rebooted but went straight into first-time-setup.
Im also uncertain if this issue keeps happening after I reinstalled everything.

Is it possible to upgrade from lineage-16.0-20201112-microG-FP3 to lineage-16.0-20201123-nighty-FP3 (standard) without deleting user data and factory reset?
It takes me hours (and in caused by a banking app with pin - mail even days) to setup the phone to my usability again after a factory reset… which I would avoid, when ever possible.

I just wiped everything, installed the November 12th version with microG.
Sure enough I checked for updates, but it wanted me to install the November 12th update again and it did not work, resp. the same update kept popping up.

Regarding @frank-bxl question: I have sideloaded the plain LineageOS version from Novmeber 23rd. I dont know about data, but it conserved my PIN and Wifi Settings. However it removed MicroG.

It seems to me, that there is an issue with MicroG itself, possibly related as to why there is no more recent update.
I will just try and use one of the other versions in the mean time. Sadly Lineage17 is not usable at the moment afaik.

Edit: I do so unhappily, because I actually liked to be “as free as possible” from google apps. I would like to go back at some point. But right now there is no need for me to go back to a not functioning version and reconfigure everything.

1 Like

This should be the proof for preservation of the user data. I’ll give it a try and report here later.

Additionally I just realised, that locking the bootloader, at least after installing the microG version, resets user data. (Did some useless reconfiguration again)…Anybody knows, if there is a better place to share this issues?