Security Updates for /e/: "Trust" App says "vendor: outdated"

Hi everyone!

A quick question: I have the latest version of /e/ on my phone and noticed the “Trust” feature (Settings->Security->Trust). When I go there it says: “Android security patches: Plattform: current, vendor: outdated”. (I do not have my phone in English so the exact phrasing may be different).

Why is the vendor part outdated? Is it safer to have the official fairphone firmware?

Fairphone 3:

If you have a look at Settings - About phone - (tap on “Android-Version 9”) … the Vendor security patch level is being reported as 5 August 2018, which seems bogus, the phone came out one year later than that.
As for why this date gets reported, I don’t know.

I seem to remember that the date was the same with the stock OS, I don’t know whether Fairphone fixed that in the meantime. But when they do, /e/ should get this, too, I think /e/ gets those patches from Fairphone.

Fairphone 2:

The Vendor security patch level is being reported as outdated because it is.
Qualcomm as the main vendor “patcher” ended support for the Snapdragon 801 SoC of the Fairphone 2 long ago, and there’s nothing more coming.

Curious indeed! Thanks for clarifying!

Also: Sorry for not being clear enough: I was talking about the FP3.

Stock OS for the FP3 does not show the vendor patch date.

1 Like


Here is the corresponding issue :

I still dont understand. Does /e/ also deliver current Kernel and Modem?
Only for FP3?

The /e/ install only concern system and kernel,
no pit, no modem, no csc, no vendor, , , ,

Edith : this is valable for old (non treble) devices and for GSI

Even for the FP3?
So that means I often need to go back to STOCK to install the current firmware? Thats crazy…

Of course not. /e/ have an official partnership with Fairphone, so they get this stuff.

No, on the FP3, and treble devices, you should be able to overwrite the vendor firmware without touching the system part cause they are located on différents partions

That’s what I thought. So that means /e/ is able to deliver security on every level?
Because its a common criticism of LineageOS that only the OS level is up to date.

How would users go about updating this?

You update /e/. End of story :wink: .

1 Like

In theory :
Take the official firmware compressed folder, extract the content with a tar décrypter, select the appropriate sub-compressed-folder, and flash it !
But where to find it ?
Fairphone compagnie is actting as an assembler technician, that take hardware elements parts from third party providers, those are sold with proprietary drivers witch are rarely updated ( or compagnie have to to pay for it ) because the manufacturers nomore build this product and don’t care.

In practice: Could you please have a look at the /e/ Fairphone 3 install/update files, which are straight partition images to flash, and enlighten us what’s missing there and why /e/ wouldn’t get drivers and patches to include from Fairphone via their official partnership?

1 Like

Probably to cut things short, here the list of files in the /e/ install archive for FP3:


As you can see, it includes vendor.img that gets flashed to the vendor partition.


Can someone tell me the current “Vendor security patch level” for the FP3+?

My FP3+ currently says:
Android security patch level: February 5, 2021
Vendor security patch level: December 5, 2020
Build date: Tue Mar 16 07:58:38 UTC 2021
So the “Vendor security patch level” looks a little outdated.

I just updated my FP3+ using the fastboot way to:


The FP3/FP3+ stock firmware contains a lot more partition images than e/OS.

Just have a look into the partition.xml.
Sadly the FP3+ has so much partitions, I don’t have a clue what they all are for…
But these images changed between FP3-REL-Q-3.A.0077-20201221.124002-user-fastbootimage.7z and and are not included into the e/OS ZIP:

I checked the partitions hashes on my FP3+.
modem_a / modem_b are identical to the NON-HLOS.bin from FP3-REL-Q-3.A.0077-20201221.124002-user-fastbootimage.7z. And that was the last stock ROM I used before switching to e/OS.
The other partitions have hashes I couldn’t find in the stock 0077 or 0084 archive.


(full partition list from partition.xml)
  <partition label="modem_a" size_in_kb="90112" type="EBD0A0A2-B9E5-4433-87C0-68B6B72699C7" bootable="false" readonly="true" filename="NON-HLOS.bin"/>
  <partition label="modem_b" size_in_kb="90112" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="NON-HLOS.bin"/>
  <partition label="fsc" size_in_kb="1" type="57B90A16-22C9-E33B-8F5D-0E81686A68CB" bootable="false" readonly="false" filename=""/>
  <partition label="ssd" size_in_kb="8" type="2C86E742-745E-4FDD-BFD8-B6A7AC638772" bootable="false" readonly="false" filename=""/>
  <partition label="sbl1_a" size_in_kb="512" type="DEA0BA2C-CBDD-4805-B4F9-F428251C3E98" bootable="false" readonly="false" filename="sbl1.mbn"/>
  <partition label="sbl1_b" size_in_kb="512" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="sbl1.mbn"/>
  <partition label="rpm_a" size_in_kb="512" type="098DF793-D712-413D-9D4E-89D711772228" bootable="false" readonly="false" filename="rpm.mbn"/>
  <partition label="rpm_b" size_in_kb="512" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="rpm.mbn"/>
  <partition label="tz_a" size_in_kb="2048" type="A053AA7F-40B8-4B1C-BA08-2F68AC71A4F4" bootable="false" readonly="false" filename="tz.mbn"/>
  <partition label="tz_b" size_in_kb="2048" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="tz.mbn"/>
  <partition label="devcfg_a" size_in_kb="256" type= "F65D4B16-343D-4E25-AAFC-BE99B6556A6D" bootable="false" readonly="false" filename="devcfg.mbn"/>
  <partition label="devcfg_b" size_in_kb="256" type= "77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="devcfg.mbn"/>
  <partition label="dsp_a" size_in_kb="16384" type="EBD0A0A2-B9E5-4433-87C0-68B6B72699C7" bootable="false" readonly="false" filename="adspso.bin"/>
  <partition label="dsp_b" size_in_kb="16384" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="adspso.bin"/>
  <partition label="modemst1" size_in_kb="1536" type="EBBEADAF-22C9-E33B-8F5D-0E81686A68CB" bootable="false" readonly="false" filename=""/>
  <partition label="modemst2" size_in_kb="1536" type="0A288B1F-22C9-E33B-8F5D-0E81686A68CB" bootable="false" readonly="false" filename=""/>
  <partition label="DDR" size_in_kb="32" type="20A0C19C-286A-42FA-9CE7-F64C3226A794" bootable="false" readonly="true"/>
  <partition label="fsg" size_in_kb="1536" type="638FF8E2-22C9-E33B-8F5D-0E81686A68CB" bootable="false" readonly="true" filename=""/>
  <partition label="sec" size_in_kb="16" type="303E6AC3-AF15-4C54-9E9B-D9A8FBECF401" bootable="false" readonly="true" filename=""/>
  <partition label="splash" size_in_kb="11264" type="20117f86-E985-4357-B9EE-374BC1D8487D" bootable="false" readonly="false" filename="splash.img"/>
  <partition label="aboot_a" size_in_kb="3072" type="400FFDCD-22E0-47E7-9A23-F16ED9382388" bootable="false" readonly="true" filename="emmc_appsboot.mbn"/>
  <partition label="aboot_b" size_in_kb="3072" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="emmc_appsboot.mbn"/>
  <partition label="dtbo_a" size_in_kb="8192" type="24d0d418-d31d-4d8d-ac2c-4d4305188450" bootable="false" readonly="true" filename="dtbo.img"/>
  <partition label="dtbo_b" size_in_kb="8192" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="dtbo.img"/>
  <partition label="vbmeta_a" size_in_kb="64" type="4b7a15d6-322c-42ac-8110-88b7da0c5d77" bootable="false" readonly="true" filename="vbmeta.img"/>
  <partition label="vbmeta_b" size_in_kb="64" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="vbmeta.img"/>
  <partition label="boot_a" size_in_kb="65536" type="20117F86-E985-4357-B9EE-374BC1D8487D" bootable="false" readonly="true" filename="boot.img"/>
  <partition label="boot_b" size_in_kb="65536" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="boot.img"/>
  <partition label="devinfo" size_in_kb="1024" type="1B81E7E6-F50D-419B-A739-2AEEF8DA3335" bootable="false" readonly="true" filename=""  sparse="true"/>
  <partition label="system_a" size_in_kb="3145728" type="97D7B011-54DA-4835-B3C4-917AD6E73D74" bootable="false" readonly="true" filename="system.img" sparse="true"/>
  <partition label="system_b" size_in_kb="3145728" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="system.img" sparse="true"/>
  <partition label="vendor_a" size_in_kb="1048576" type="97D7B011-54DA-4835-B3C4-917AD6E73D74" bootable="false" readonly="true" filename="vendor.img" sparse="true"/>
  <partition label="vendor_b" size_in_kb="1048576" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="vendor.img" sparse="true"/>
  <partition label="persist" size_in_kb="32768" type="6C95E238-E343-4BA8-B489-8681ED22AD0B" bootable="false" readonly="false" filename="" />
  <partition label="misc" size_in_kb="1024" type="82ACC91F-357C-4A68-9C8F-689E1B1A23A1" bootable="false" readonly="false" filename="" />
  <partition label="keystore" size_in_kb="512" type="DE7D4029-0F5B-41C8-AE7E-F6C023A02B33" bootable="false" readonly="false" filename="" />
  <partition label="prodinfo" size_in_kb="2048" type="21130059-3BE9-441A-A9A8-64A3A62B1A32" bootable="false" readonly="false" filename=""/>
  <partition label="config" size_in_kb="32" type="91b72d4d-71e0-4cbf-9b8e-236381cff17a" bootable="false" readonly="false" filename="config.bin" />
  <partition label="oem" size_in_kb="262144" type="7db6ac55-ecb5-4e02-80da-4d335b973332" bootable="false" readonly="false" filename="" />
  <partition label="limits" size_in_kb="32" type="10A0C19C-516A-5444-5CE3-664C3226A794" bootable="false" readonly="true"/>
  <partition label="mota" size_in_kb="512" type="EBD0A0A2-B9E5-4433-87C0-68B6B72699C7" bootable="false" readonly="false" filename=""/>
  <partition label="dip" size_in_kb="1024" type="4114B077-005D-4E12-AC8C-B493BDA684FB" bootable="false" readonly="false" filename=""/>
  <partition label="mdtp_a" size_in_kb="32768" type="3878408A-E263-4B67-B878-6340B35B11E3" bootable="false" readonly="false" filename="mdtp.img"/>
  <partition label="mdtp_b" size_in_kb="32768" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="mdtp.img"/>
  <partition label="syscfg" size_in_kb="512" type="098DF793-D712-413D-9D4E-89D711772228" bootable="false" readonly="false" filename=""/>
  <partition label="mcfg" size_in_kb="4096" type="EBD0A0A2-B9E5-4433-87C0-68B6B72699C7" bootable="false" readonly="false" filename=""/>
  <partition label="lksecapp_a" size_in_kb="128" type="A11D2A7C-D82A-4C2F-8A01-1805240E6626" bootable="false" readonly="true" filename="lksecapp.mbn"/>
  <partition label="lksecapp_b" size_in_kb="128" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="lksecapp.mbn"/>
  <partition label="cmnlib_a" size_in_kb="1024" type="73471795-AB54-43F9-A847-4F72EA5CBEF5" bootable="false" readonly="true" filename="cmnlib_30.mbn"/>
  <partition label="cmnlib_b" size_in_kb="1024" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="cmnlib_30.mbn"/>
  <partition label="cmnlib64_a" size_in_kb="1024" type="8EA64893-1267-4A1B-947C-7C362ACAAD2C" bootable="false" readonly="true" filename="cmnlib64_30.mbn"/>
  <partition label="cmnlib64_b" size_in_kb="1024" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="cmnlib64_30.mbn"/>
  <partition label="keymaster_a" size_in_kb="1024" type="E8B7CF6E-5694-4627-8A2A-899B09F2DBEA" bootable="false" readonly="true" filename="km4.mbn"/>
  <partition label="keymaster_b" size_in_kb="1024" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="km4.mbn"/>
  <partition label="apdp" size_in_kb="256" type="E6E98DA2-E22A-4D12-AB33-169E7DEAA507" bootable="false" readonly=" false" filename=""/>
  <partition label="msadp" size_in_kb="256" type="ED9E8101-05FA-46B7-82AA-8D58770D200B" bootable="false" readonly="false" filename=""/>
  <partition label="dpo" size_in_kb="8" type="11406F35-1173-4869-807B-27DF71802812" bootable="false" readonly="false" filename=""/>
  <partition label="logdump" size_in_kb="65536" type="5AF80809-AABB-4943-9168-CDFC38742598" bootable="false" readonly="false" filename="" />
  <partition label="frp" size_in_kb="512" type="8FA2AD2C-27DF-4B49-8C33-2DDD968078BE" bootable="false" readonly="false" filename="frp.bin"/>
  <partition label="product_a" size_in_kb="131072" type="9D72D4E4-9958-42DA-AC26-BEA7A90B0434" bootable="false" readonly="false" filename="product.img" sparse="true"/>
  <partition label="product_b" size_in_kb="131072" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="product.img" sparse="true" />
  <partition label="userdata" size_in_kb="2658048" type="1B81E7E6-F50D-419B-A739-2AEEF8DA3335" bootable="false" readonly="false" filename="userdata.img" sparse="true"/>

The release notes for the update I’m using say, it has the stock update 3.A.077 imported. So I guess I shouldn’t expect anything newer than December 2020.

Nevertheless I still like to know if all those partitions get somehow updated by e/OS in general.
Does this maybe happen after the first post update boot when there’s the completing update notification?

And I still like to know when the “Vendor security patch level” is expected to raise when using e/OS :slight_smile:

Do these vendor firmware security patches supplied via an /e/ update only occur for certain phones, such the fairphone?

I have a moto g7 plus. Will I get the vendor firmware updates via /e/?