e/OS/ for FP5 with recent security patches?

FlavienL · May 4, 2024, 4:53pm

Hello,

I just purchased a brand new FP5 directly from Fairphone.
It came with Android version 13, Kernel version 5.4.219, March 21st 2024, and Android security update “March 5th, 2024”.
As I read on the doc regarding FP5 on https://doc.e.foundation/devices/FP5/install, FP5 has an anti-rollback feature.
The Downloads section for FP5 lists two builds, community and stable. Both have “Security Patch 2024-02-05”.

As I understand it, installing it would trigger the anti-rollback feature, as the version available is older than the one installed. That would brick the device. Oops.

My options, while waiting for a new version of /e/OS that includes March’24 security patches :

Use the fairphone-provided OS, and not /e/OS
Leave the FP5 in its box

Can I help somehow ?
Is it to be expected soon ? Or should I try to build my own following some instructions ? [not sure I’d be bold enough to try that though ]

Thanks,
Flavien.

Regain your privacy! Adopt /e/OS the deGoogled mobile OS and online services phone

Macstodon · May 4, 2024, 5:21pm

Hi - there’s comments about the anti-rollback problem you can read elsewhere on this forum (I’ll try to find the link for you), but regarding the question of when a new e/OS/ release is due - May 16th is V2 day, according to an emailed press release I recieved a few days ago:

https://e.foundation/leaving-apple-murena-and-fairphone-an-earth-friendly-partnership-understanding-the-difference-between-a-vpn-and-hide-m/

Macstodon · May 4, 2024, 5:22pm

You can read more about the anti-rollback problems with FP5 here:

FlavienL · May 17, 2024, 7:55pm

Hi,

ok, thanks for the links.

Great news : A new version is already available with Android security update “2024-04-05” !

I’ll install it shortly. We can close this discussion.

Thanks for the support,
Flavien.

elrond · May 18, 2024, 2:26pm

Please let us know how it worked out. I am also still waiting a bit and just using the phone with FPOS and trying things out.

Macstodon · May 18, 2024, 3:14pm

Yes, V2 came out a few days ago and (at least on my FP5) seems to work very well indeed

I hope your install goes smoothly - please do let us know that it’s all gone well.

elrond · May 18, 2024, 3:18pm

Still reading docs and forum posts. I don’t want to risk this anti-rollback thing (I have the most recent FPOS updated on it. So my security patch level is not that old. It’s rather new). And seeing all sorts of other funky issues (recent apps not working, if one switches ti launcher) makes me still think, I should wait for 2.1 or whatever the next one after 2.0 is (or at least the next month or so).

(

This one started to make me fill less unsure: Anti-rollback issue misunderstanding - #5 by Olivier

)

Macstodon · May 18, 2024, 5:07pm

That sounds very wise if you have a recent security update on it. I haven’t seen anything about the timescale for 2.1, but it probably isn’t too far away.

Macstodon · May 18, 2024, 5:09pm

FYI, in relation to the link in your last post - I did managed to successfully go from android to e/os/ and lock the bootloader, so it certainly can be done.

elrond · May 18, 2024, 5:59pm

There’s actually a thread on whether relocking the bootloader is safe:

After reading https://www.reddit.com/r/LineageOS/comments/n7yo7u/a_discussion_about_bootloader_lockingunlocking/ I will anyway likely not relock my bootloader.

Macstodon · May 18, 2024, 6:05pm

Intresting read! If you scroll through the feedback for V2.0 elsewhere in this forum, there does seem to be a lot of people who leave it unlocked

aibd · May 18, 2024, 8:56pm

To get a second opinion on that, what exactly is the SPL shown in the Settings app.

Maybe Settings > About phone > Android version … tap on Android version, or use the search feature od Settings,

The release notes https://gitlab.e.foundation/e/os/releases/-/releases state

This /e/OS v2.0 version includes the Android security patches available until April 2024.

elrond · May 18, 2024, 9:06pm

I am still on Stock… that’s the reason I was fearing a straight update to current /e/OS, because the SPL is the same as on /e/OS.

My Stock has: 2024-04-05

As I wasn’t yet brave enough for flashing to /e/OS, I don’t know, what /e/OS for FP5 really has, despite the " This /e/OS v2.0 version includes the Android security patches available until April 2024.".

aibd · May 18, 2024, 9:30pm

The text coloured blue is a hyperlink, revealing the exact detail, but states 2024-04-05, so the two are the same.

Technically, as I understand it, this is not a downgrade. (But I can understand why some would wait a month to be sure !)

More fully explained in the “Detail” dropdown.

To check the security patch level on your phone with a locked bootloader, prior to installing /e/OS, open your phone Settings » About Phone » Android Version » Android Security Patch Level.Then compare it against the level of the security patch on the /e/OS build as visible in the Downloads for FP5 section below.

The following values control whether anti-rollback features are triggered on FP5:

Rollback protection errors trigger if you install an update whose version number is LESS than the rollback index’s value stored on device.
The value of rollback index is UPDATED to match ro.build.version.security_patch’s value of the currently installed version, but only if the bootloader is LOCKED.
The value of rollback index is NOT dependent on the currently installed ANDROID VERSION.
The value of rollback index can NEVER be DOWNGRADED.
Rollback protection errors are FATAL when the bootloader is LOCKED.
Rollback protection errors are IGNORED when the bootloader is UNLOCKED.

Here are some examples to help you understand how anti-rollback features work:

Example 1

Your FP5 with Google Android has a Security Patch Level saying June 5, 2022
The /e/OS build available says: /e/OS build : R stable (Security patch: 2022-05-05)
In this example, the /e/OS build has an older Security Patch level than the origin, so the anti-roll back protection will trigger, and you will brick your phone

Example 2

Your FP5 with Google Android has a Security Patch Level saying June 5, 2022.
The /e/OS build available says: /e/OS build : R stable (Security patch: 2022-06-05)
In this example, the /e/OS build has the same Security Patch level than the origin, so the anti-roll back protection will pass, and you will be able to install /e/OS with no issues.

Example 3

Your FP5 runs Google Android -R while /e/OS is now available based on AOSP -S.
Your FP5 with Google Android has a Security Patch Level saying 2022-10-03 or October 3rd, 2022.
The /e/OS build available says: /e/OS build : S stable (Security patch: 2022-06-05)
In this example, the /e/OS build has an older Security Patch level than the origin, so the anti-roll back protection will trigger, even if the /e/OS version runs on a more recent version of AOSP. In this example, you will brick your phone.