Relocking bootloader on SHIFT6mq axolotl

Can I relock the bootloader after a successful installation of /e/ OS v1.0-r and /e/-recovery v1.0-r? I read somewhere that the SHIFT6mq supports overwriting the boot signature but sadly can’t find the article anymore.

The install instructions for the device currently don’t mention locking the bootloader again as compared to other devices where this is mentioned.
As long as it’s missing in the install instructions, I wouldn’t do it.

Thanks for the reply and advice! I’ve seen that too. I hoped that someone, maybe with more techtical knowledge than me, can link me to some kind of document or something else from e.g. the manifacturer.

The answer is not device specific, it is ROM specific; if /e/ had provided the ROM with locking ability, this would be included in the install instructions.

Probably not. Devices need to support bootloader re-locking and so does the rom being installed.
For more info see the links below. The postmarket os one is probably the article you saw. :grinning:

https://wiki.postmarketos.org/wiki/SHIFT_SHIFT6mq_(shift-axolotl)

Thanks for the link! If I understand this correctly, /e/ OS supports relocking the bootloader on (theoretically) any device, but not every device supports overwriting the signature that will be checked on AVB. Correct?
I found the post I saw a while ago: SHIFT6mq - Secure/verified boot? | SHIFTPHONES If the person, marked as shiftOS-developer, can be trusted, the shift6mq supports verified boot:

The SHIFT6mq supports this, as well as SHIFT5me and SHIFT6m.

Wouldn’t that mean that relocking the bootloader (if the os supports it) is an option or am I understanding something wrong?

/e/ supports relocking the bootloader on some devices, e.g. the Fairphone 4. Install /e/ on a Fairphone FP4 - “FP4”

You are right about Fairphone. It is a complicated subject, the Fairphone story is probably the close working relationship /e/ formed with Fiarphone to make this practical as a “specially researched case”.

My point really was for you to look at your question from the point of view of the missing locking components in the ROM.

In my view closer examination of the device technical aspects will not lead so far as understanding what would be required of the ROM. I will post a link to other similar threads.

You are right to say ability to run verified boot is actually required by Android. /e/ users have to accept to go with the flow without meeting that requirement.

So I understand that relocking the bootloader has to be supported on the device as well as the os (where it is device specific). Thanks for your time and explanations.