Hi there, sorry if this was answered before, I could not find it.
I have read this thread but also could not find the answer Fairphone 5 upgraded to Android 14
Does " * Rollback protection errors are IGNORED when the bootloader is UNLOCKED ." mean, if I unlock the bootloader, i can install /e/os with an older Security Patch Date?
I have a FP5 with Android 14, Security Patch Date January 5th 2025
So if I unlock the bootloader, is it possible to install current community build or official build?
/e/OS build : U community (Security patch: 2024-11-01)
/e/OS build : T official (Security patch: 2024-11-05)
Caution: The FP5 comes with an anti-rollback feature. Google Android anti-roll back feature is supposedly a way to ensure you are running the latest software version, including the latest security patches.
If you try installing a version of /e/OS based on a security patch that is older than the one on your device, you will brick your device. Click on Details below for detailed information
To check the security patch level on your phone with a locked bootloader, prior to installing /e/OS, open your phone Settings » About Phone » Android Version » Android Security Patch Level.Then compare it against the level of the security patch on the /e/OS build as visible in the Downloads for FP5 section below.
The following values control whether anti-rollback features are triggered on FP5:
Rollback protection errors trigger if you install an update whose version number is LESS than the rollback index’s value stored on device.
The value of rollback index is UPDATED to match ro.build.version.security_patch’s value of the currently installed version, but only if the bootloader is LOCKED.
The value of rollback index is NOT dependent on the currently installed ANDROID VERSION.
The value of rollback index can NEVER be DOWNGRADED.
Rollback protection errors are FATAL when the bootloader is LOCKED.
Rollback protection errors are IGNORED when the bootloader is UNLOCKED.
Here are some examples to help you understand how anti-rollback features work:
Example 1
Your FP5 with Google Android has a Security Patch Level saying June 5, 2022
The /e/OS build available says: /e/OS build : R official (Security patch: 2022-05-05)
In this example, the /e/OS build has an older Security Patch level than the origin, so the anti-roll back protection will trigger, and you will brick your phone
Example 2
Your FP5 with Google Android has a Security Patch Level saying June 5, 2022.
The /e/OS build available says: /e/OS build : R official (Security patch: 2022-06-05)
In this example, the /e/OS build has the same Security Patch level than the origin, so the anti-roll back protection will pass, and you will be able to install /e/OS with no issues.
Example 3
Your FP5 runs Google Android -R while /e/OS is now available based on AOSP -S.
Your FP5 with Google Android has a Security Patch Level saying 2022-10-03 or October 3rd, 2022.
The /e/OS build available says: /e/OS build : S official (Security patch: 2022-06-05)
In this example, the /e/OS build has an older Security Patch level than the origin, so the anti-roll back protection will trigger, even if the /e/OS version runs on a more recent version of AOSP. In this example, you will brick your phone.
/quote.
The instructions tell us to unlock the bootloader in order to allow to install /e/OS.
The real danger is expressed
Rollback protection errors are FATAL when the bootloader is LOCKED.
Rollback protection errors are IGNORED when the bootloader is UNLOCKED.
Rollback protection errors + user locks the Bootloader; the phone is bricked.
Rollback protection errors + user does not relock the Bootloader; the error is ignored.
leave the bootloader unlocked at least until I installed /e/os with newer Security Patch date as previous installed Android (in my case January 5th 2025)
It seems you have a clue. Which e/os to install on fp 5 with android 14, patch level march 05 2025. The official 2.9 on the e-website is headlined with android 13 and the community-one lacks a real patch-date or I didn’t get it. Can you help me out? Thanks
I see a real patch date of 2025-03-01 … if you are thinking why not the 5th of the month, I cannot fully explain … but everyone is being upfront in saying that this is behind the notional expectation of 5th of the month.
Did you read Different Build Types to help you decide if you prefer official or community ??
Hi, I know this topic has been discussed a lot and maybe you think I should create a separate thread for this. Let me know and I will. But this thread seems quite related.
I have a Fairphone 5 since a few months, to my great dismay it came with Google Android, I assumed all Fairphones came with eOS. Anyway I managed to install eOS a few months back using /e/OS Installer. It left the bootloader unlocked (I get that “hacker screen” and the security warning on every start/restart).
This “hacker screen” was also to my great dismay, being a life long Apple fan boy until now. And as you know with Apple everything just works. I couldn’t imagine I’d get a “hacked phone” as a result, even if it seems from this conversation you as a user are informed of this before launching the installer. So my bad I guess.
I chose to ignore this until now considering the risks of bricking the phone discussed here.
I would now like to try and sort this issue out. But I would really need step by step instructions and am hoping someone could help me with that.
First off these are my android eOS versions
Android 13
Security patch Android: 5 mars 2025
/e/OS 2.9-t-202503211478215-official-FP5
Would this combination be a candidate for fixing the issue or should I wait for newer eOS updates before attempting to lock the bootloader? On the surface the Android patch is from 2025-03-05 and the eOS version is from 2025-03-21, which means eOS is “newer” than the security patch in Android. But maybe the margin is too slim? Does anyone know?
And I would need simple step by step instructions for how to lock the bootloader.
Sorry for a long winded post. Like I said, let me know if I should put it as it’s own thread.
The vital missing detail is the Android SPL at the time you unlocked the phone in order to install /e/OS.
You will be aware from the above that the index on your phone “remembers” the SPL in its last locked state.
No good in hindsight but if you had any evidence of the “locked in SPL” there would be no guesswork. If however you guess that say the next /e/OS build released about now today is ahead of locked in SPL you might decide to lock it after that update.
Locking the phone will delete all data
The commands to lock the bootloader are at the foot of the install page first link in Post #10 .
I’m also confused about the security patch levels and the locking ability.
I bought a Fairphone 5 a few days ago. I unlocked it and flashed the official 3.0-a14 release. The release notes (gitlab.e.foundation/e/os/releases/-/releases) are saying “This /e/OS 3.0 version includes the Android security patches available as of May 2025.”
The original OS on the Fairphone had the same patch level, so I tried to lock the phone after flashing /e/OS. But after reboot, the phone told me, that the system is corrupted. I was able to recover from this and reflashed /e/Os in an unlocked state.
Then I check the android version:
Android security update: 1 May 2025
Vendor security patch level: 5 May 2025
So it seems, e/OS is four days behind or the original OS was four days ahead.
The e/OS release notes are pointing me to /source.android.com/docs/security/bulletin/2025-05-01. But the page content is talking about security patch of 05.05.2025.
I guess, e/OS and the vendor of the original OS are pointing to the same patch level by using different timestamps?
So I think I have to wait for the next official release before I can lock the phone (on resetting it again in the process)?
Wow, that was a fast response. Then it seems, I messed up with noting the original android version. I’m easy switching numbers. I tried fastboot getvar rollback-index which does not return a result. Without being sure about the original version, I will going to wait the month (or I could try to flash the last OS version provided by Fairephone and check the version string there).
In the meantime, I can at least try out the phone, with keeping in mind that it will be in reset state after the next lock try.
As a note to others, in the excitement of opening and the flashing of a new or secondhand phone it is a good idea to save an image showing the (old) “pre intervention” current Android SPL and Vendor SPL.
Security fixes