Should Firehose be published?

A cheap EDL cable can get to 9008 mode. It’s useless without the firehose programmer elf file.

1 Like

I completely agree. As they claim that repairability is their mission, they should give customers the chance to repair Fairphone’s software blunders themselves. It is now a month that Fairphone have messed up royally, and they have neither come up with a solution, nor with a prospective release date for an update.

4 Likes

If this software you are referring to exists, there will be good reason to not release it.

It may either be a license issue, since I guess this software will be from Qualcomm, or, and that is more likely, it can overwrite every (fair)phone.

Do you want a software in the wild that can be used to wipe any(one's) phone?

But it even seems to be a bit different, since everybody gets a new phone.

1 Like

I’m sorry, but I fail to see the rationale for your concerns. Every Fairphone has the function to completely wipe it already built in (factory reset: https://support.fairphone.com/hc/en-us/articles/8947817428881-How-to-erase-all-data-factory-reset). However, this requires that the phone is still able to boot so that at least Android Recovery can be reached.

If it is completely bricked and doesn’t boot, then the use of an external bootloader (aka firehose file) might be the last chance to access the phone’s data, or to bring it back to working condition by flashing a new OS. For this, you need a special cable that shortens two contacts of the USB connection while powering on to trigger the Qualcomm chip set to download and execute the external bootloader. As the external bootloader is specific for the phone’s hardware and has to be signed by the manufacturer, its copyright will be with Fairphone resp. the manufacturer they commissioned to build their phone, so it’s at their discretion to release it to the general public, or only to requests from legitimate users whose phones are bricked, and to limit its use in the same way that they licence the binary blobs needed to build Android from source (Fairphone 4 - Binary Blobs Package — Fairphone Open Source).

Again, as Fairphone’s claim is to provide the most repairable phone on the market, they should give users the chance to repair not only hardware, but also software issues resulting in a bricked phone. Especially as they reject any attempt to recover data from sent in phones due to data protection regulations, and if the phone has been bricked by their own update.

7 Likes

The rationale is that you can protect the factory reset. Thus, when enabled, others cannot do this.

Yes, I’m aware of that. But blocking such illegitimate use means to block also legitimate use in the case of need. The use case for the illegitimate use will typically be that the phone has been stolen, and the thief wants to sell it as a used phone after factory reset. If that is not possible he may only dismantle it and sell the parts as spare parts.

For the legitimate owner, it will be lost in any case. The decision not to release firehose files might only reduce the profit for the thief, but not add any protection for the legitimate owners, and deprive them of the last chance to recover their data and restore the phone back to working. As said before, Fairphone has any option to release it only to legitimate users with proof of ownership, and to licence it only for personal use.

For other technical measures to fight phone theft, I refer to the ongoing discussion between lawmakers and manufacturers in the UK: Tech bosses could stop mobile phone theft, say MPs - BBC News

5 Likes

You are wrong. The factory reset protection still offers legitimate options, since it just adds password protection.

And you are also wrong if you think that the firehose files will not spread into the wild, when they are released to users.

And regarding other measures against phone theft:

I do not want to rely on the goodwill of the manufacturer or the OS provider, whether I can use my phone or not, not even on Fairphone.

This is a really bad development which I see more and more:
Google and other companies try to close down phones more and more and make them less repairable, software and hardware wise.
All under the cover of security, but it actually just results in less comfort for the user.
Hardware wise we saw this with gluing phone components and making the battery not exchangeable.
Software wise we first saw this that phones were becoming more difficult to root, then we saw bootloaders locking becoming a thing (with more and more complex unlock procedures) and no way to access bricked phones (aka the firehose topic we have here.). Google even tries to block this more and more, with apps not from Google Play becoming hard to install. (Google will require developer verification to install Android apps, including sideloading)
Now it’s very difficult to back up app data or edit the host file, which is both easy with Windows or Linux (and older Android versions).
I hate that people are using Google’s marketing arguments that this is “more secure” and “evil people use it”.
Fairphone is doing good in a lot of sectors here (easily repairable, battery exchangeable, bootloader can be relatively easily unlocked) but could still improve in some sectors, e.g. giving out the firehose file.
Every method can be used to create harm, but it can also benefit a lot of users to access their own smartphone more freely. And this is what Fairphone is also about, right?

5 Likes

Yes, it would only be fair for those files to be provided.

3 Likes

In theory you can write a firehose loader, but without having the original signing keys this loader would not be accepted in EDL mode.

2 Likes

I’m not sure what your argument is. Fairphone has terrible security. There is no way for me to wipe the data on my bricked FP4. Even if I could, I wouldn’t send it in for repair. Releasing the firehose file could enable me to fix it myself. Bootloader // AVB keys used in ROMs for Fairphone 3+4 - #24 by tretkowski

@FPbonn, that would be wonderful; having a FOSS (except the keys) firehose loader would be unique, even if distributing the signing keys would break copyright.

The only company that could release the private key for signing is Qualcomm. The public key is placed in the ROM of the Qualcomm SoC.

2 Likes

@FPbonn, I presumed that we’d require the private key, too. I didn’t even consider that acquiring it would be a ludicrous possibility, considering how many EFI manufacturers routinely have theirs leaked. However, in retrospect, Qualcomm wouldn’t implement a system where they’d need to provide a private key to manufacturers. Apologies for being dumb.

Leaked firehose loaders do not mean that the keys are leaked. The principle of PKI is that the private keys are private and remain private (no matter who owns the private keys - e.g. FP, Cordon, Qualcomm, …).

1 Like
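
The point made in the posts above (a self-written loader is rejected without the signing key, and a circulating signed loader does not reveal that key), shown as an added example that is not part of the thread and is not Qualcomm's or Fairphone's code. It is a simplified textbook-RSA model: the keys, the loader bytes and every function name are constructed for illustration.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Textbook RSA key from two primes: returns (public (n, e), private d)."""
    n = p * q
    return (n, E), pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from well-known Mersenne primes: deterministic
# and offline, but NOT secure. Real schemes add padding and certificate chains.
VENDOR_PUB, VENDOR_PRIV = make_key(2**521 - 1, 2**607 - 1)  # private half stays with the signer
OTHER_PUB, OTHER_PRIV = make_key(2**127 - 1, 2**521 - 1)    # anyone else's key pair

ROM_PUBLIC_KEY = VENDOR_PUB  # assumption: the device holds only the public half

def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(image: bytes, pub, priv) -> int:
    """Signer side: requires the private exponent."""
    return pow(digest(image), priv, pub[0])

def rom_accepts(image: bytes, signature: int) -> bool:
    """Device side: verification needs nothing but the public key."""
    n, e = ROM_PUBLIC_KEY
    return 0 < signature < n and pow(signature, e, n) == digest(image)

def run_cases():
    official = b"constructed stand-in for a vendor-signed loader"
    official_sig = sign(official, VENDOR_PUB, VENDOR_PRIV)
    patched = official + b" + one changed byte"
    homemade = b"constructed stand-in for a self-written loader"
    homemade_sig = sign(homemade, OTHER_PUB, OTHER_PRIV)
    return {
        "official loader, official signature": rom_accepts(official, official_sig),
        "patched loader, official signature reused": rom_accepts(patched, official_sig),
        "self-written loader, signed with another key": rom_accepts(homemade, homemade_sig),
        "self-written loader, official signature reused": rom_accepts(homemade, official_sig),
    }

if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {case}")
```

Whoever holds a signed loader has only the image and its signature; both verify against the public key, and neither lets them produce a valid signature for different bytes.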

Maybe I went a bit far.

I am just pretty sure that demanding the firehose is useless since I am close to certain that Fairphone is legally bound to not release this into the public in any way.

And since some people already reported that their phone was replaced, the firehose seems to be useless regarding the current FP4 update brick.

1 Like

I don't think so, I guess this was just to speed up things over holidays.

However I agree we will never officially get the firehose.

2 Likes