Not in iodè
Not in calyxOS
Both are privacy and security focused with verified boot. root and root debugging is not part of this philosophy…
Both are possible to root
But is not suggested and not supported and not the Default
Not in iodè
Not in calyxOS
Both are privacy and security focused with verified boot. root and root debugging is not part of this philosophy…
Both are possible to root
But is not suggested and not supported and not the Default
resetprop
is a feature of Magisk to change read-only properties, so no. But installing the Magisk app and fastboot boot
ing a Magisk patched boot.img
should be enough for this to work.
That’s a function declared somewhere else in the script, has been used before to flash the other partitions. It’s essentially a fancy way of saying fastboot flash foo
with some error handling. ${FASTBOOT_BIN}
is just a variable to point to the included fastboot
.
It does, that’s why we need to set ro.boot.flash.locked
to 1
so the system thinks the bootloader is locked and the toggle gets enabled.
But only in /e/OS
Not in iodè and calyx because of verified boot. Both does not allow to boot any not signed images, recoverys or kernels
Not in iodè and calyx because of verified boot. Both does not allow to boot any not signed images, recoverys or kernels
We are talking unlocked bootloader here, that only applies if you locked it, I’m running Magisk on Calyx right now.
How else would I have been able to change that property on a Calyx device that got changed to get_unlock_property=0
?
I managed to set
get_unlock_ability
back to1
again (with an unlocked bootloader, don’t get your hopes up) by using Magisksresetprop
…
The part in bold is important here. This isn’t a way to revive bricked phones, only a possibility to maybe save people beforehand.
installing the Magisk app and
fastboot boot
ing a Magisk patchedboot.img
should be enough for this to work.
I would like to give this a try since I want to use CalyxOS with a locked bootloader. However, I’ve never used Magisk or patched a boot.img to use it – would it be possible for you to point me in the right directions to get started/roughly guide me what I need to do? I would very much appreciate the help!
thanks a lot hirnshushi.
You show a working but not so easy way.
I think, no problem for an expierienced user. But for a novice, it is more than easy.
Maybe there will be an easy solution in the future…
would it be possible for you to point me in the right directions to get started/roughly guide me what I need to do?
Sure
Keep in mind that I haven’t tested this, because I didn’t lock my bootloader afterwards and I can’t guarantee that there’s no possibility left to brick your phone!
With that out of the way, download the boot.img
and the Magisk.apk
(for others trying this on a different ROM, please use the corresponding boot.img
for that ROM!) from those two links to your PC…
For anyone trying out CalyxOS, here’s a Calyx
boot.img
patched with Magisk v24.3.
…and enable ADB debugging on your FP4 if you haven’t already.
adb install Magisk-v24.3.apk
or transferring the .apk
to your phoneadb reboot bootloader
and fastboot boot calyx-3.3.2_magisk_boot.img
should boot you into a Magisk enabled Calyxadb shell su -c 'resetprop ro.boot.flash.locked 1'
should show a prompt on your phone screen to grant root privileges…adb reboot bootloader
and most importantly check if fastboot flashing get_unlock_ability
actually returns 1
fastboot flashing lock
Maybe there will be an easy solution in the future…
There might be, I only went with the tools I know, so others more knowledgeable in low level stuff maybe can help here
- Install the Magisk app by either running
adb install Magisk-v24.3.apk
or transferring the.apk
to your phoneadb reboot bootloader
andfastboot boot calyx-3.3.2_magisk_boot.img
should boot you into a Magisk enabled Calyxadb shell su -c 'resetprop ro.boot.flash.locked 1'
should show a prompt on your phone screen to grant root privileges…- Change OEM unlocking to on in Developer options.
adb reboot bootloader
and most importantly check iffastboot flashing get_unlock_ability
actually returns1
Thank you very much for the guide – OEM re-enabling worked! After having booted with the patched boot.img and issuing adb shell su -c 'resetprop ro.boot.flash.locked 1'
, OEM unlocking can be toggled again and in fastboot, get_unlock_ability
is back to 1
.
Before attempting to lock the bootloader, I rebooted again normally without the patched boot.img. OEM unlocking still is set to “on”, but again cannot be toggled anymore (greyed-out) – is this same for you? For me, it would be enough (I do not need to change OEM locking as I did not before on e/os as long as it is ON).
Just want to confirm everything before I attempt locking…
EDIT: Just realized, that OEM unlocking is grayed out regardless of the state of get_unlock_ability
as it can be only toggled after issuing adb shell su -c 'resetprop ro.boot.flash.locked 1'
granting super-user rights. As it stays “ON”, I should be safe locking the bootloader… (being nervous, nevertheless)
I’m glad it worked without problems so far
OEM unlocking is grayed out regardless of the state of
get_unlock_ability
as it can be only toggled after issuingadb shell su -c 'resetprop ro.boot.flash.locked 1'
That’s correct, yes, ro.boot.flash.locked
is set back to 0
once you reboot, that flag gets set automatically if the bootloader is unlocked. We only changed it temporarily to make the OEM unlocking toggle changeable.
As it stays “ON”, I should be safe locking the bootloader… (being nervous, nevertheless)
I hope it is, I wish you luck.
The gods were with me: Re-locking the bootloader worked – I am running CalyxOS now with locked bootloader
For the record after re-enabling the OEM unlock toggle and OEM unlocking like described, I did:
fastboot flashing lock_critical
fastboot flashing lock
I am very happy this worked, thank you!
I’m really glad this worked
Not gonna lie, I was really nervous about this as well!
Congratulations!
For the record: what is the state of the OEM-toggle and fastboot flashing get_unlock_ability
now that you have locked the bootloader?
Without having changed anything, OEM toggle is now “OFF”, but not grayed-out anymore (can be toggled). Don’t know about the state of get_unlock_ability
yet, will check ASAP, but I assume it is 0
now.
Not greyed out is to be expected, but “OFF”, hmm…
I don’t like that it keeps resetting. We really need to know at which point this happens, if it got reset when locking the bootloader again this could have still bricked the phone.
Edit: Ok, after some digging, turns out the devinfo
partition that gets flashed with the updated script stores that kind of information and the answer was in this forum all along
I possibly have an easy way to unlock without factory resetting.Thanks to @Ingo for checking that
Before explaining how it works, I would like to ask someone who has never been unlocked to get me a dump of the devinfo partition. To do that, you’ll need: And the attached <a class="attachment" href="/uploads/short-url/zPPivHFMg8DKzlT2lHAFKMeYlFq.gpx">prog_emmc_firehose_8953_ddr.gpx</a> (434.9 KB) Power off your phone Run ./edl.py r devinfo devinfo.bin --loa…
Now we need to figure out why it doesn’t get saved
Don’t know about the state of
get_unlock_ability
yet, will check ASAP, but I assume it is0
now.
Just had a look and indeed get_unlock_ability
was set to 0
(setting OEM unlock to “OFF”) after issuing fastboot flashing lock
(was not the case after fastboot flashing lock_critical
).
We really need to know at which point this happens, if it got reset when locking the bootloader again this could have still bricked the phone.
Yes. At least in my case, in summary the state of OEM unlock was affected at two occasions:
get_unlock_ability
from 1
to 0
) and OEM unlock toggle disabled (grayed out)fastboot flashing lock
): OEM unlock went from “ON” to “OFF”, but remained active (i.e. can be toggled)echo "INFO: Activating partition slot A" fastboot --set-active=a
Whopsie, that’s a problem, it should be ${FASTBOOT_BIN} --set-active=a
.
I’ll fix that for the next release.
The rest seems to be mostly linting as far as I can tell
You are correct
As suggested I contacted the support and was able to send the Fairphone to a repair shop.
The cost was 30€.
After 2-3 weeks I got it back and it was restored to its factory default state.
For completeness (didn’t have access to my FP4 earlier): mine looks like this (from Stock to CalyxOS, bootloader locked):
And
’get_unlock_ability
is 0
Definitely don’t lock your bootloader in that case (as you are probably already know )!
Since my method of unlocking the OEM switch works, but for @cosmic get_unlock_ability
was reset to 0
again afterwards , better not to tempt fate. as well, tread very carefully here.
The only safe path forward is to wait for the Calyx devs to release a new version based on the updated Fairphone stock images, which they confirmed they will.
Edit: Should have reread your post
get_unlock_ability
definitely shouldn’t have been reset to 0
again, so let’s hope this gets fixed with the next CalxyOS release. You might have to wipe your phone again then, though