Trapped in fastboot mode with locked bootloader and corrupted custom ROM

Help Fairphone 4
, , ,
111

Not in iodè
Not in calyxOS

Both are privacy and security focused with verified boot. root and root debugging is not part of this philosophy…

Both are possible to root
But is not suggested and not supported and not the Default

112

resetprop is a feature of Magisk to change read-only properties, so no. But installing the Magisk app and fastboot booting a Magisk patched boot.img should be enough for this to work.

That’s a function declared somewhere else in the script, has been used before to flash the other partitions. It’s essentially a fancy way of saying fastboot flash foo with some error handling. ${FASTBOOT_BIN} is just a variable to point to the included fastboot.

It does, that’s why we need to set ro.boot.flash.locked to 1 so the system thinks the bootloader is locked and the toggle gets enabled.

1 Like
113

But only in /e/OS
Not in iodè and calyx because of verified boot. Both does not allow to boot any not signed images, recoverys or kernels

1 Like
114

We are talking unlocked bootloader here, that only applies if you locked it, I’m running Magisk on Calyx right now.
How else would I have been able to change that property on a Calyx device that got changed to get_unlock_property=0?

The part in bold is important here. This isn’t a way to revive bricked phones, only a possibility to maybe save people beforehand.

4 Likes
115

I would like to give this a try since I want to use CalyxOS with a locked bootloader. However, I’ve never used Magisk or patched a boot.img to use it – would it be possible for you to point me in the right directions to get started/roughly guide me what I need to do? I would very much appreciate the help!

116

thanks a lot hirnshushi.
You show a working but not so easy way.
I think, no problem for an expierienced user. But for a novice, it is more than easy.

Maybe there will be an easy solution in the future…

2 Likes
117

Sure :slightly_smiling_face:
Keep in mind that I haven’t tested this, because I didn’t lock my bootloader afterwards and I can’t guarantee that there’s no possibility left to brick your phone!

With that out of the way, download the boot.img and the Magisk.apk (for others trying this on a different ROM, please use the corresponding boot.img for that ROM!) from those two links to your PC…

…and enable ADB debugging on your FP4 if you haven’t already.

  • Install the Magisk app by either running adb install Magisk-v24.3.apk or transferring the .apk to your phone
  • adb reboot bootloader and fastboot boot calyx-3.3.2_magisk_boot.img should boot you into a Magisk enabled Calyx
  • adb shell su -c 'resetprop ro.boot.flash.locked 1' should show a prompt on your phone screen to grant root privileges…
  • Change OEM unlocking to on in Developer options.
  • adb reboot bootloader and most importantly check if fastboot flashing get_unlock_ability actually returns 1
  • :pray: Pray to the ancient gods :smirk:
  • fastboot flashing lock

There might be, I only went with the tools I know, so others more knowledgeable in low level stuff maybe can help here :thinking:

10 Likes
118

Thank you very much for the guide – OEM re-enabling worked! After having booted with the patched boot.img and issuing adb shell su -c 'resetprop ro.boot.flash.locked 1', OEM unlocking can be toggled again and in fastboot, get_unlock_ability is back to 1.

Before attempting to lock the bootloader, I rebooted again normally without the patched boot.img. OEM unlocking still is set to “on”, but again cannot be toggled anymore (greyed-out) – is this same for you? For me, it would be enough (I do not need to change OEM locking as I did not before on e/os as long as it is ON).

Just want to confirm everything before I attempt locking…

EDIT: Just realized, that OEM unlocking is grayed out regardless of the state of get_unlock_ability as it can be only toggled after issuing adb shell su -c 'resetprop ro.boot.flash.locked 1' granting super-user rights. As it stays “ON”, I should be safe locking the bootloader… (being nervous, nevertheless)

2 Likes
119

I’m glad it worked without problems so far :+1:

That’s correct, yes, ro.boot.flash.locked is set back to 0 once you reboot, that flag gets set automatically if the bootloader is unlocked. We only changed it temporarily to make the OEM unlocking toggle changeable.

I hope it is, I wish you luck.
:crossed_fingers:

3 Likes
120

Yes, good luck @cosmic

1 Like
121

The gods were with me: Re-locking the bootloader worked – I am running CalyxOS now with locked bootloader :slight_smile:

For the record after re-enabling the OEM unlock toggle and OEM unlocking like described, I did:

  • boot into fastboot mdoe
  • fastboot flashing lock_critical
  • rebooting into Calyx, reenabling USB debugging and granting connected PC adb rights
  • rebooting into fastboot mode
  • fastboot flashing lock
  • rebooting into CalyxOS

I am very happy this worked, thank you!

7 Likes
122

:tada: :tada: :tada:

I’m really glad this worked :metal:

Not gonna lie, I was really nervous about this as well!

4 Likes
123

Congratulations!

For the record: what is the state of the OEM-toggle and fastboot flashing get_unlock_ability now that you have locked the bootloader?

2 Likes
124

Without having changed anything, OEM toggle is now “OFF”, but not grayed-out anymore (can be toggled). Don’t know about the state of get_unlock_ability yet, will check ASAP, but I assume it is 0 now.

2 Likes
125

Not greyed out is to be expected, but “OFF”, hmm… :thinking:
I don’t like that it keeps resetting. We really need to know at which point this happens, if it got reset when locking the bootloader again this could have still bricked the phone.

Edit: Ok, after some digging, turns out the devinfo partition that gets flashed with the updated script stores that kind of information and the answer was in this forum all along :man_facepalming:

Now we need to figure out why it doesn’t get saved :thinking:

126

Just had a look and indeed get_unlock_ability was set to 0 (setting OEM unlock to “OFF”) after issuing fastboot flashing lock (was not the case after fastboot flashing lock_critical).

Yes. At least in my case, in summary the state of OEM unlock was affected at two occasions:

  • after flashing: OEM unlock went from “ON” to “OFF” (get_unlock_ability from 1 to 0) and OEM unlock toggle disabled (grayed out)
  • after bootloader locking (fastboot flashing lock): OEM unlock went from “ON” to “OFF”, but remained active (i.e. can be toggled)
2 Likes
127

Whopsie, that’s a problem, it should be ${FASTBOOT_BIN} --set-active=a.
I’ll fix that for the next release.

You are correct :wink:

3 Likes
128

As suggested I contacted the support and was able to send the Fairphone to a repair shop.
The cost was 30€.
After 2-3 weeks I got it back and it was restored to its factory default state.

6 Likes
129

For completeness (didn’t have access to my FP4 earlier): mine looks like this (from Stock to CalyxOS, bootloader locked):

OEM-Entsperrung

And

get_unlock_ability is 0

2 Likes
130

Definitely don’t lock your bootloader in that case (as you are probably already know :slightly_smiling_face:)!

Since my method of unlocking the OEM switch works, but for @cosmic get_unlock_ability was reset to 0 again afterwards , better not to tempt fate. as well, tread very carefully here.
The only safe path forward is to wait for the Calyx devs to release a new version based on the updated Fairphone stock images, which they confirmed they will.

Edit: Should have reread your post :man_facepalming:
get_unlock_ability definitely shouldn’t have been reset to 0 again, so let’s hope this gets fixed with the next CalxyOS release. You might have to wipe your phone again then, though :see_no_evil:

3 Likes