You successfully summoned me
If all you are trying to do is check the functionality and then send it to Cordon no need to lock the bootloader IMO, they’ll probably reflash the phone as a matter of policy.
But let’s get into it anyway
Calyx only locks the bootloader and doesn’t lock the critical partitions beforehand (because you can’t touch those with a locked bootloader anyway), so those being already unlocked is perfectly fine as you suspected.
There is your first problem, you don’t want to boot into the OS before locking because the first boot resets get_unlock_ability
.
- Open the
flash_fp4_factory.command
file in the folder where you extracted the Fairphone factory images and change line 23 toREBOOT_TO_BOOTLOADER="true"
- Get the new SHA256SUM for the script (
sha256sum flash_fp4_factory.command
if you are on Linux) and replace the one in theSHA256SUM
file with it (last line) - Run the installation again and check
fastboot flashing get_unlock_ability
afterwards
(Yeah I have no idea either why the official script boots you into the system and the docs instruct you to lock it afterwards, which makes it waaay more unsafe
I mean just make locking the bootloader part of the script and automatically check get_unlock_ability
beforehand, like Calyx does, that would have saved so many devices from needlessly having to be sent to Cordon. But I’ve honestly given up at this point, this stuff isn’t going to change.)
No, you don’t, CalyxOS follows Fairphones SPL (you can see the updates here), so as long as you install the latest FPOS release ( FP4.TP2D.C.0112 in this case), or update your system to that state if current factory releases aren’t available, you should never end up with a security patch level that makes it impossible to lock your bootloader.
TL;DR: I wouldn’t lock it just for a check, but if you want to don’t boot into it and always check get_unlock_ability
.