Should Firehose be published?

A cheap EDL cable can get to 9008 mode. It’s useless without the firehose programmer elf file.

I completely agree. As they claim that repairability is their mission, they should give customers the chance to repair Fairphone’s software blunders themselves. It is now a month that Fairphone have messed up royally, and they have neither come up with a solution, nor with a prospective release date for an update.

If this software you are referring to exists, there will be good reason to not release it.

It may either be a license issue, since I guess this software will be from Qualcomm, or and that is more likely, it can overwrite every (fair)phone.

Do you want a software in the wild that can be used to wipe any(ones) phone?

But it even seems to be a bit different, since everybody gets a new phone.

I’m sorry, but I fail to see the rationale for your concerns. Every Fairphone has the function to completely wipe it already built in (factory reset: https://support.fairphone.com/hc/en-us/articles/8947817428881-How-to-erase-all-data-factory-reset). However, this requires that the phone is still able to boot so that at least Android Recovery can be reached.

If it is completely bricked and doesn’t boot, than the use of an external bootloader (aka as firehose file) might be the last chance to access the phone’s data, or to bring it back to working condition by flashing a new OS. For this, you need a special cable that shortens two contacts of the USB connection while powering on to trigger the Qualcomm chip set to download and execute the external bootloader. As the external bootloader is specific for the phone’s hardware and has to be signed by the manufacturer, its copyright will be with Fairphone resp. the manufacturer they commissioned to build their phone, so it’s at their discretion to release it to the general public, or only to requests from legitimate users whose phones are bricked, and to limit its use in the same way that they licence the binary blobs needed to build Android from source (Fairphone 4 - Binary Blobs Package — Fairphone Open Source).

Again, as Fairphone’s claim is to provide the most repairable phone on the market, they should give users the chance to repair not only hardware, but also software issues resulting in a bricked phone. Especially as they reject any attempt to recover data from sent in phones due to data protection regulations, and if the phone has been bricked by their own update.

The rationale is that you can protect the factory reset. Thus, when enabled, others cannot do this.

Yes, I’m aware of that. But blocking such illegitimate use means to block also legitimate use in the case of need. The use case for the illegitimate use will typically be that the phone has been stolen, and the thief wants to sell it as a used phone after factory reset. If that is not possible he may only dismantle it and sell the parts as spare parts.

For the legitimate owner, it will be lost in any case. The decision not to release firehose files might only reduce the profit for the thief, but not add any protection for the legitimate owners, and deprive them of the last chance to recover their data and restore the phone back to working. As said before, Fairphone has any option to release it only to legitimate users with proof of ownership, and to licence it only for personal use.

For other technical measures to fight phone theft, I refer to the ongoing discussion between lawmakers and manufacturers in the UK: Tech bosses could stop mobile phone theft, say MPs - BBC News

You are wrong. The factory reset protection still offers legitimate options, since it just adds password protection.

And you are also wrong if you think that the firehose files will not spread into the wild, when they are released to users.

And regarding other measures against phone theft:

I do not want to rely on the goodwill of the manufacturer or the OS provider, whether I can use my phone or not, not even on Fairphone.

This is a really bad development which I see more and more:
Google and other companies try to close down phones more and more and make them less repairable, software and hardware wise.
All under the cover of security, but it actually just results in less comfort for the user.
Hardware wise we saw this with gluing phone components and making the battery not exchangeable.
Software wise we first saw this that phones were becoming more difficult to root, then we saw bootloaders locking becoming a thing (with more and more complex unlock procedures) and no way to access bricked phones (aka the firehose topic we have here.). Google even tries to block this more and more, with apps not from google play becoming hard to install. (Google will require developer verification to install Android apps, including sideloading)
Now it’s very difficult to back up app data or edit the host file, which is both easy with Windows or Linux (and older Android versions).
I hate that people are using google’s marketing arguments that this is “more secure” and “evil people use it”.
Fairphone is doing good in a lot of sectors here (easily repairable, battery exchangeable, bootloader can be relatively easily unlocked) but could still improve in some sectors, e.g. giving out the firehose file.
Every method can be used to create harm, but it can also benefit a lot of users to access their own smartphone more freely. And this is what fairphone is also about, right?

Yes, it would only be fair for those files to be provided.

In theory you can write a firehose loader, but without having the original signing keys this loader would not be accepted in EDL mode.

I’m not sure what your argument is. Fairphone has terrible security. There is no way for me to wipe the data on my bricked FP4. Even if I could, I wouldn’t send it in for repair. Releasing the firehose file could enable me to fix it myself. Bootloader // AVB keys used in ROMs for Fairphone 3+4 - #24 by tretkowski

@FPbonn, that would be wonderful; having a FOSS (except the keys) firehose loader would be unique, even if distributing the signing keys would break copyright.

The only company that could release the private key for signing is Qualcomm. The public key is placed in the ROM of the Qualcomm SoC.

@FPbonn, I presumed that we’d require the private key, too. I didn’t even consider that acquiring it would be a ludicrous possibility, considering how many EFI manufacturers routinely have theirs leaked. However, in retrospect, Qualcomm wouldn’t implement a system where they’d need to provide a private key to manufacturers. Apologies for being dumb.

Leaked firehose loaders does not mean, that the keys are leaked. The principle of PKI is, that the private keys are private and remain private (no matter who owns the private keys - e.g. FP, Cordon, Qualcomm, …).

Maybe I went a bit far.

I am just pretty sure that demanding the firehose is useless since I am close to certain that Fairphone is legally bound to not release this into the public in any way.

And since some people already reported that their phone was replaced, the firehose seems to be useless regarding the current FP4 update brick.

I dont think so, I guess this was just to speed up things over holidays.

However I agree we will never officially get the firehose.

I bought a used Fairphone 5 from Amazon returns for cheap. It’s bricked because of the faulty Android 15 update that reportedly killed devices with broken fingerprint sensors. Now it’s permanently stuck on the boot animation.

I tried the multiple reboot trick. Nothing.
I tried flashing back Android 14. Nothing.
Apparently the hidden fastboot oem allow-flashing command was conveniently removed in Android 15. Great move.

For some reason, i can’t even buy a fingerprint sensor separately. Instead, they want you to ship the entire device across Europe to their exclusive “Cordon” service center just to replace a part that probably costs a few cents and takes 10 minutes to swap. So much for “repairability.”

And the best part? They won’t provide the Qualcomm EDL firehose file either — the very file that would allow users to unbrick their own devices by reinstalling the firmware. Only their monopoly service center has access to it. So if your phone is bricked because of their update, your only “option” is to send it to them and pay.

Do you realize how absurd that is? Shipping a whole device across Europe — wasting time, money, and energy — for something that could be fixed by me at home in 2 seconds if they simply provided the necessary file?

I don’t even care that the fingerprint sensor doesn’t work. I just want to use the phone.

“We fixed it in a new update, sorry. Oh, the update killed your phone? Unlucky :D”

Everything software-related that Fairphone touches feels half-assed, and when something goes wrong, users are left with zero real options to fix it themselves.

So much for sustainability. So much for right to repair.

All I’m asking for is access to a file that would let me fix my own device.

Repairability until now with every Fairphone has been the swapping of predefined modules.
Perhaps the Fairphone 7 or 8 will have the fingerprint sensor on a module. The USB port went from being a part of a larger module to being its own module, for instance.

https://www.fairphone.com/wp-content/uploads/2023/12/Fairphone-5-Information-on-how-to-repair-and-recycle.pdf includes an email address to perhaps help identify the part …

"6. Component information
For any question on this chapter, please contact
product.management@fairphone.com."

Since this comes up time and again …

@Fairphone_CM: There’s frequent interest in why EDL firehose files for Fairphones aren’t publicly available for users to unbrick their phones themselves. Why is that?

may be to avoid stolen devices to be reinitialised ?
(related to FRP lock)