I’m a beginner and don’t understand much about installing Murena e/OS via the ‘official install doc’.
But because of advertising from Murena, I finally dared to put Murena e/OS on my fairphone 4 via the simple e/os installer. It all seemed very simple, but now the bootloader is still unlocked and I would like to have it closed because of the safety.
I have read a lot of posts about this and I understand that the phone can break down when the new e/OS is older than the one before relocking the bootloader.
My previous OS was the original Fairphone OS: Google Android 13, security update January 5, 2025.
The new Murena e/OS is Android 14 (Security Update December 01, 2024 / Vendor Security Patch Level July 5, 2024), e/OS version:2.7-u-2025010946037-official-FP4.
I hope some ‘Experts’ can help me:
According to the e.foundation, it is possible to lock the bootloader. Is this true? Because the Fairphone website says: “If you installed a 3rd-party OS, locking your bootloader might prevent your device from booting correctly”.
Is it true that the only problem with locking is the age of the e/OS?
Does this only apply to the date of the security update or also to the Android version (13 vs 14)?
How often will there be a (security) update of e/OS Murena? Maybe I can wait until there has been an update.
Are there more problems I need to avoid?
Is it true that locking the bootloader causes the phone to be wiped?
I have no idea how to lock the bootloader without a simple installer. Who can help me? Preferably in Dutch.
Can I go back to Fairphone’s Google Android via the FP website and then lock the bootloader without breaking the phone?
Can I use my email and banking apps safely while the bootloader is unlocked or is my phone now also vulnerable to hackers who can do something with my phone via the internet?
Indeed, we strongly recommend that you re-lock the bootloader. What’s more, some applications, particularly banking applications, may not work on your device if your bootloader is open.
You can find instructions here at the bottom of the page:
Simply connect the Fairphone 4 in ‘Fastboot’ mode to a PC and enter the commands mentioned in a terminal. (refer to the operating system you’re using on your PC.
ADB & Fastboot, or SDK_Android suite should be first installed)
It’s worth pointing out that all user data will be erased.
From what I understand security is not the main concern with an unlocked bootloader. It thwarts an “evil maid attack” (loading of hostile software while the phone is unattended), but honestly if someone has that kind of access there’s bigger concerns, they’ll probably just steal the phone. Another OS instance could be loaded, but that’s going to delete your data which eliminates that concern.
The main concern with an unlocked bootloader is whether you have apps that require a locked bootloader to function. As far as I know it’s mainly banking apps. So unless you’re actually running into a problem with an app I wouldn’t worry about it.
The biggest concern is that attempting to lock the bootloader on a phone incorrectly can brick it. Some phones can not be bootloader re-locked because it involves a trust certificate for the operating system. If that check fails, the phone will not boot and since you locked the bootloader you can’t recover.
In any case the bootloader can be re-locked on the FP4 with some caveats. See the last section of the installation instructions here
I really want to relock the bootloader.
But I’m afraid to brick my phone.
Do you think that I can relock it when you look at the security patch dates?
The original one is ‘younger’ than the e/OS. So I think it will trigger the anti-rollback feature in mij FP4. But I’m a real noob in this material.
It looked so simpel when I came on the /e/OS Installer website.
Thank you for thinking along and your reactions CraighHB and aidb.
The links from aidb provided more clarity and certainty.
In itself, it is not a problem if my data is deleted. I have a recent backup and all my personal data is on an SD card.
Although I really want to get rid of Big tech, I just don’t have enough experience for this kind of thing. So I’m considering maybe going back to Google Android after all.
I read somewhere on the forum; If I then brick my phone (with Google Android on it), I can send the phone to Fairphone and have it repaired and installed by Fairphone for a fee.
So be it.
Well, personally I’ve relocked the bootloader on my FP4 again, following exactly the procedure described above.
The operation didn’t take more than 5 minutes and I didn’t encounter any problems.
So it shouldn’t be a matter at all.
I think I had to read the rollback index stuff 3 times before I understood it!
It seems to me you already worked out correctly that you cannot install and lock at this time.
It happens often as Fairphone send out phones with latest Google/Android on them but /e/OS generally has a lag on it as this is a project still in active development, that work putting our release dates behind the “base”.
Go back to Fairphone for a while; if you leave it without an update in a month (or two) you can easily reinstall /e/OS when you know the dates are right.
Thanks again for your effort to think along with me! I really appreciate that!
I just did the rollback, carefully step by step (I feel like a pro now, haha).
I’ll go for your advice aidb and then wait quietly to switch to e/OS/ at a better time.
I am now working on turning off all Google apps that can be turned off. I then replace them with, fossify apps and apps from F-Droid and I also use DuckDuckGo in addition to my F-secure subscription to block trackers as much as possible.
In any case, I feel like I do something to protect myself.
Sounds to me like you’re getting the experience you need. It can be a bit complicated, but there’s lots of documentation and resources. We all have to start at the beginning so don’t let that put you off. I mean you’ve already loaded /e/os and restored the original os so I’d say you’re getting into the flat part of the curve.
Personally I wouldn’t put that much concern into the bootloader. I mean it’s nice if you can re-lock for the sake of an app you may or may not have a problem with, but that would be only reason to worry about it.
If you’re really intent on locking the bootloader, you can just run for a while unlocked then do a clean install with a version that is newer than the original.
Thanks for the encouragement. I really appreciate your effort to think along!!
With the experience that I have gained, thanks to the help of you all in this thread, I may be able to help others at a later stage.
Now my phone is back to original with the original FP4 OS, secured and with a locked bootloader. When the e/OS security update has caught up with my phone’s and I have time to work on it, I’ll try again.
When my family members’ phones need to be replaced in the near future, I buy phones with e/OS pre-installed from the Murenashop or Fairphone.
Keep in mind the phones from the Murena shop are not guaranteed to have a locked bootloader. The required certificate comes from the OEM and they don’t always get it. The Pixel phones and the Fairphones have it, but the CMF phone doesn’t. If the phone comes with an unlocked bootloader you’ll see a note about it in the listing.
I didn’t noticed it. I saw this phone and checked the pecs on the website of Nothing, the producer.
Thanks for warning me.
Well, we will buy other ones from Murenashop or Fairphone than.
