Anti-rollback issue misunderstanding

Hello.

I’m about to try to install /e/os on a brand new Fairphone FP5. This is a first for me, given that I’m brand new to both Fairphone and /e/os.

I’ve stumbled on the anti-rollback issue, which I do not perfectly understand. Hence I stopped the process.

Here are the informations that I have:

• Android Security Patch Level: March 5, 2024
• I downloaded stable Android T(13) file : IMG-e-1.21-t-20240323388918-stable-FP5.zip (from here: https://images.ecloud.global/stable/FP5/)

Now, what makes me suspicious is:

• https://doc.e.foundation/devices/FP5/install page states: “Downloads for FP5 /e/OS build : T stable (Security patch: 2024-02-05)”
  ==> This means to me: “do not install this version of /e/os because it is based on a security patch that is older than the one on my device”
• while following step by step the install guide, I unlocked the bootloader of my device, and previous page mentions “Rollback protection errors are IGNORED when the bootloader is UNLOCKED.”
  ==> This means to me: “I can install this version of /e/os since the bootloader is unlocked, so that will be ignored”

So what should I do: proceed with the install? wait until the /e/os build is based on a security patch >2024-02-05 (while making sure that the phone remains in current security patch)? how about restoring or not the bootloader locking after that?

Thank you very much in advance.

Note: I browsed through the messages and read the following ones, but without fully understanding them:

• Can I get a confirmation on anti-rollback without re-locking bootloader?
• Two quick questions before installing /e/OS on an FP5 (anti-rollback feature + skip microg)

Do you wish and intend long term to run your FP5 with a locked bootloader ?

• Some thoughts here, https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/.
• Of significance if one considered to “lock the phone at a later date”, I believe it to be the case that every time you lock or unlock the bootloader the device will Factory reset.

Hello and thank you, @aibd.
The Reddit post you mention is very interesting, and lead me to make up my mind regarding bootloader locking: I won’t relock the bootloader, after installing /e/os.

I want to avoid my rewording of the documentation, but does looking at it like this solve the misunderstanding ?

On the other hand the group of users who do wish to relock the bootloader should follow the advice carefully. Failure to do so has resulted in reports of users having to pay for a “re-imaging service” at Fairphone, as no other user fix seems available. The point of failure is reported to come at Locking the Bootloader.

I think I see the light now.
I understand that :

• bootloader unlocking is a requirement for /e/os installation. At that installation step, there is no risk of phone bricking, given that “Rollback protection errors are IGNORED when the bootloader is UNLOCKED."
• If the bootloader remains unlocked from now on, there’s no more risk of phone bricking. This is my intent: no relocking of the bootloader, given that the evil maid risk treatment option is: accept (I’m a cybersecurity consultant, hence the risk analysis bias ^v^)
• If I relock the bootloader later on, well, I don’t know what, so won’t relock the bootloader.

All in all, I will then proceed to the i/e/os installation.

Thanks a lot, @aibd.

This topic was automatically closed after 180 days. New replies are no longer allowed.