e/OS/ for FP5 with recent security patches?

Hello,

I just purchased a brand new FP5 directly from Fairphone.
It came with Android version 13, Kernel version 5.4.219, March 21st 2024, and Android security update “March 5th, 2024”.
As I read on the doc regarding FP5 on https://doc.e.foundation/devices/FP5/install, FP5 has an anti-rollback feature.
The Downloads section for FP5 lists two builds, community and stable. Both have “Security Patch 2024-02-05”.

As I understand it, installing it would trigger the anti-rollback feature, as the version available is older than the one installed. That would brick the device. Oops. :face_with_head_bandage:

My options, while waiting for a new version of /e/OS that includes March’24 security patches :

  • Use the fairphone-provided OS, and not /e/OS
  • Leave the FP5 in its box

Can I help somehow ?
Is it to be expected soon ? Or should I try to build my own following some instructions ? [not sure I’d be bold enough to try that though :scream:]

Thanks,
Flavien.

Regain your privacy! Adopt /e/OS the deGoogled mobile OS and online servicesphone

Hi - there’s comments about the anti-rollback problem you can read elsewhere on this forum (I’ll try to find the link for you), but regarding the question of when a new e/OS/ release is due - May 16th is V2 day, according to an emailed press release I recieved a few days ago:

https://e.foundation/leaving-apple-murena-and-fairphone-an-earth-friendly-partnership-understanding-the-difference-between-a-vpn-and-hide-m/

You can read more about the anti-rollback problems with FP5 here:

Hi,

ok, thanks for the links.

Great news : A new version is already available with Android security update “2024-04-05” !

I’ll install it shortly. We can close this discussion.

Thanks for the support,
Flavien.

2 Likes

Please let us know how it worked out. I am also still waiting a bit and just using the phone with FPOS and trying things out.

1 Like

Yes, V2 came out a few days ago and (at least on my FP5) seems to work very well indeed :grin:

I hope your install goes smoothly - please do let us know that it’s all gone well.

1 Like

Still reading docs and forum posts. I don’t want to risk this anti-rollback thing (I have the most recent FPOS updated on it. So my security patch level is not that old. It’s rather new). And seeing all sorts of other funky issues (recent apps not working, if one switches ti launcher) makes me still think, I should wait for 2.1 or whatever the next one after 2.0 is (or at least the next month or so).

(

)

That sounds very wise if you have a recent security update on it. I haven’t seen anything about the timescale for 2.1, but it probably isn’t too far away.

FYI, in relation to the link in your last post - I did managed to successfully go from android to e/os/ and lock the bootloader, so it certainly can be done.

1 Like

There’s actually a thread on whether relocking the bootloader is safe:

After reading https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/ I will anyway likely not relock my bootloader.

1 Like

Intresting read! If you scroll through the feedback for V2.0 elsewhere in this forum, there does seem to be a lot of people who leave it unlocked

1 Like

To get a second opinion on that, what exactly is the SPL shown in the Settings app.

Maybe Settings > About phone > Android version … tap on Android version, or use the search feature od Settings,

The release notes https://gitlab.e.foundation/e/os/releases/-/releases state

This /e/OS v2.0 version includes the Android security patches available until April 2024.

I am still on Stock… that’s the reason I was fearing a straight update to current /e/OS, because the SPL is the same as on /e/OS.

My Stock has: 2024-04-05

As I wasn’t yet brave enough for flashing to /e/OS, I don’t know, what /e/OS for FP5 really has, despite the " This /e/OS v2.0 version includes the Android security patches available until April 2024.".

The text coloured blue is a hyperlink, revealing the exact detail, but states 2024-04-05, so the two are the same.

Technically, as I understand it, this is not a downgrade. (But I can understand why some would wait a month to be sure !)

More fully explained in the “Detail” dropdown.

To check the security patch level on your phone with a locked bootloader, prior to installing /e/OS, open your phone Settings » About Phone » Android Version » Android Security Patch Level.Then compare it against the level of the security patch on the /e/OS build as visible in the Downloads for FP5 section below.

The following values control whether anti-rollback features are triggered on FP5:

  • Rollback protection errors trigger if you install an update whose version number is LESS than the rollback index’s value stored on device.
  • The value of rollback index is UPDATED to match ro.build.version.security_patch’s value of the currently installed version, but only if the bootloader is LOCKED.
  • The value of rollback index is NOT dependent on the currently installed ANDROID VERSION.
  • The value of rollback index can NEVER be DOWNGRADED.
  • Rollback protection errors are FATAL when the bootloader is LOCKED.
  • Rollback protection errors are IGNORED when the bootloader is UNLOCKED.

Here are some examples to help you understand how anti-rollback features work:

Example 1

  • Your FP5 with Google Android has a Security Patch Level saying June 5, 2022
  • The /e/OS build available says: /e/OS build : R stable (Security patch: 2022-05-05)
  • In this example, the /e/OS build has an older Security Patch level than the origin, so the anti-roll back protection will trigger, and you will brick your phone

Example 2

  • Your FP5 with Google Android has a Security Patch Level saying June 5, 2022.
  • The /e/OS build available says: /e/OS build : R stable (Security patch: 2022-06-05)
  • In this example, the /e/OS build has the same Security Patch level than the origin, so the anti-roll back protection will pass, and you will be able to install /e/OS with no issues.

Example 3

  • Your FP5 runs Google Android -R while /e/OS is now available based on AOSP -S.
  • Your FP5 with Google Android has a Security Patch Level saying 2022-10-03 or October 3rd, 2022.
  • The /e/OS build available says: /e/OS build : S stable (Security patch: 2022-06-05)
  • In this example, the /e/OS build has an older Security Patch level than the origin, so the anti-roll back protection will trigger, even if the /e/OS version runs on a more recent version of AOSP. In this example, you will brick your phone.
2 Likes

Hi,

I updated using my Linux computer. It went smoothly, except I got a small glitch: I started the process with :

$ ./flash_FP5_factory.sh
INFO: One Fairphone 5 in fastboot mode found (serial number: xx123456).
Sending 'bluetooth_a' (3356 KB)                    OKAY [  0.110s]
Writing 'bluetooth_a'                              OKAY [  0.027s]
Finished. Total time: 0.144s
Sending 'bluetooth_b' (3356 KB)                    OKAY [  0.130s]
Writing 'bluetooth_b'                              OKAY [  0.025s]
Finished. Total time: 0.160s
Sending 'devcfg_a' (52 KB)                         OKAY [  0.003s]
Writing 'devcfg_a'                                 OKAY [  0.005s]
[...]
Erasing 'userdata'                                 OKAY [  0.144s]
Finished. Total time: 0.146s
Erasing 'metadata'                                 OKAY [  0.004s]
Finished. Total time: 0.007s
Setting current slot to 'a'                        FAILED (remote: 'Unable to set slot')
fastboot: error: Command failed

I started it again, and it worked fine the second time :

$ ./flash_FP5_factory.sh
...
Setting current slot to 'a'                        OKAY [  0.013s]
Finished. Total time: 0.015s
-----------
INFO: Done. The device will reboot now.
Rebooting                                          OKAY [  0.001s]
Finished. Total time: 0.051s

INFO: You can unplug the USB cable now.

So far, I’ve spotted 2 issues:

  • Signal App : I installed it fine. Then I wanted to transfer my account from my temporary phone to the FP5. Apparently, Signal on the temporary phone was automatically updated on May 13, and even though the version number 7.6.2 is apparently the same on both the temporary phone and the FP5, it refuses to transfer my account to an “older version”. I disabled autoupdate on the temporary one, and I’m waiting for a new version to come in the App Lounge.
  • Netflix refuses to start with a network error. I disabled the “hide my location” feature, but I still get the same error “Sorry we could not reach the Netflix service, please check Network Settings to connect to an available network and use Netflix (15001). (-93)

Nice work !

Flavien.

1 Like

I have seen this error a number of times on this forum already. I start to wonder what’s going on.

Did you just rerun? Or have you done anything in between?

You might try…

  • Aurora instead of the App Lounge. I have seen mentions of older versions on the App Lounge somewhere.
  • Extracting the APK from your old phone
  • There’s a straight download of the current version at https://signal.org/android/apk/.

Is it really at “install time”? Or at “(next) boot time” I would expect the boot being the problem?

… well actually the anti-rollback protection kicks in (or not) under these conditions:

People have reported bricking their phone at the moment of locking. As far as I know there is no documented way for the user the recover the phone (and it has to be returned for some advanced “reimaging” probably using an Emergency Download Mode method).

1 Like