Security Updates for /e/: "Trust" App says "vendor: outdated"

lorain · August 20, 2020, 7:09pm

Hi everyone!

A quick question: I have the latest version of /e/ on my phone and noticed the “Trust” feature (Settings->Security->Trust). When I go there it says: “Android security patches: Plattform: current, vendor: outdated”. (I do not have my phone in English so the exact phrasing may be different).

Why is the vendor part outdated? Is it safer to have the official fairphone firmware?

AnotherElk · August 20, 2020, 7:23pm

Fairphone 3:

If you have a look at Settings - About phone - (tap on “Android-Version 9”) … the Vendor security patch level is being reported as 5 August 2018, which seems bogus, the phone came out one year later than that.
As for why this date gets reported, I don’t know.

~~I seem to remember that the date was the same with the stock OS,~~ I don’t know whether Fairphone fixed that in the meantime. But when they do, /e/ should get this, too, I think /e/ gets those patches from Fairphone.

Fairphone 2:

The Vendor security patch level is being reported as outdated because it is.
Qualcomm as the main vendor “patcher” ended support for the Snapdragon 801 SoC of the Fairphone 2 long ago, and there’s nothing more coming.

lorain · August 20, 2020, 7:30pm

Curious indeed! Thanks for clarifying!

Also: Sorry for not being clear enough: I was talking about the FP3.

Ingo_FP_Angel · August 21, 2020, 7:11am

Stock OS for the FP3 does not show the vendor patch date.

Anonyme · August 24, 2020, 6:11pm

Hi,

Here is the corresponding issue :

Jerryme · September 17, 2020, 8:24pm

I still dont understand. Does /e/ also deliver current Kernel and Modem?
Only for FP3?

piero · September 18, 2020, 11:35am

The /e/ install only concern system and kernel,
no pit, no modem, no csc, no vendor, , , ,

Edith : this is valable for old (non treble) devices and for GSI

Jerryme · September 18, 2020, 4:29pm

Even for the FP3?
So that means I often need to go back to STOCK to install the current firmware? Thats crazy…

AnotherElk · September 18, 2020, 4:38pm

Of course not. /e/ have an official partnership with Fairphone, so they get this stuff.

piero · September 18, 2020, 10:57pm

No, on the FP3, and treble devices, you should be able to overwrite the vendor firmware without touching the system part cause they are located on différents partions

Jerryme · September 19, 2020, 1:41pm

That’s what I thought. So that means /e/ is able to deliver security on every level?
Because its a common criticism of LineageOS that only the OS level is up to date.

athair_birb · September 19, 2020, 2:36pm

How would users go about updating this?

AnotherElk · September 19, 2020, 8:39pm

You update /e/. End of story .

piero · September 20, 2020, 5:18pm

In theory :
Take the official firmware compressed folder, extract the content with a tar décrypter, select the appropriate sub-compressed-folder, and flash it !
But where to find it ?
Fairphone compagnie is actting as an assembler technician, that take hardware elements parts from third party providers, those are sold with proprietary drivers witch are rarely updated ( or compagnie have to to pay for it ) because the manufacturers nomore build this product and don’t care.

AnotherElk · September 20, 2020, 5:33pm

In practice: Could you please have a look at the /e/ Fairphone 3 install/update files, which are straight partition images to flash, and enlighten us what’s missing there and why /e/ wouldn’t get drivers and patches to include from Fairphone via their official partnership?

Ingo_FP_Angel · September 20, 2020, 5:55pm

Probably to cut things short, here the list of files in the /e/ install archive for FP3:

boot.img
dtbo.img
dtbo-pre.img
product.img
ramdisk.img
ramdisk-recovery.img
system.img
userdata.img
vbmeta.img
vendor.img

As you can see, it includes vendor.img that gets flashed to the vendor partition.

kolAflash · March 18, 2021, 2:11am

Can someone tell me the current “Vendor security patch level” for the FP3+?

My FP3+ currently says:
Android security patch level: February 5, 2021
Vendor security patch level: December 5, 2020
Build date: Tue Mar 16 07:58:38 UTC 2021
So the “Vendor security patch level” looks a little outdated.

I just updated my FP3+ using the fastboot way to:
https://images.ecloud.global/dev/FP3/IMG-e-0.15-q-20210316105636-dev-FP3.zip

The FP3/FP3+ stock firmware contains a lot more partition images than e/OS.
https://support.fairphone.com/hc/en-us/articles/360048050332
currently: FP3-REL-Q-3.A.0084-20210204-2.105300-user-fastbootimage-repack.zip

Just have a look into the partition.xml.
Sadly the FP3+ has so much partitions, I don’t have a clue what they all are for…
But these images changed between FP3-REL-Q-3.A.0077-20201221.124002-user-fastbootimage.7z and FP3-REL-Q-3.A.0084-20210204-2.105300-user-fastbootimage-repack.zip and are not included into the e/OS ZIP:

NON-HLOS.bin (modem_a / modem_b)
sbl1.mbn (sbl1_a / sbl1_b - Secondary Bootloader?)
rpm.mbn (rpm_a / rpm_b - Resource/Power Management?)
devcfg.mbn (devcfg_a / devcfg_b - used by TZ for upgrades?)
emmc_appsboot.mbn (aboot_a / aboot_b - Android Bootloader?)
product.img (product_a / product_b - Product partition?)

I checked the partitions hashes on my FP3+.
modem_a / modem_b are identical to the NON-HLOS.bin from FP3-REL-Q-3.A.0077-20201221.124002-user-fastbootimage.7z. And that was the last stock ROM I used before switching to e/OS.
The other partitions have hashes I couldn’t find in the stock 0077 or 0084 archive.

(full partition list from partition.xml)

  <partition label="modem_a" size_in_kb="90112" type="EBD0A0A2-B9E5-4433-87C0-68B6B72699C7" bootable="false" readonly="true" filename="NON-HLOS.bin"/>
  <partition label="modem_b" size_in_kb="90112" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="NON-HLOS.bin"/>
  <partition label="fsc" size_in_kb="1" type="57B90A16-22C9-E33B-8F5D-0E81686A68CB" bootable="false" readonly="false" filename=""/>
  <partition label="ssd" size_in_kb="8" type="2C86E742-745E-4FDD-BFD8-B6A7AC638772" bootable="false" readonly="false" filename=""/>
  <partition label="sbl1_a" size_in_kb="512" type="DEA0BA2C-CBDD-4805-B4F9-F428251C3E98" bootable="false" readonly="false" filename="sbl1.mbn"/>
  <partition label="sbl1_b" size_in_kb="512" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="sbl1.mbn"/>
  <partition label="rpm_a" size_in_kb="512" type="098DF793-D712-413D-9D4E-89D711772228" bootable="false" readonly="false" filename="rpm.mbn"/>
  <partition label="rpm_b" size_in_kb="512" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="rpm.mbn"/>
  <partition label="tz_a" size_in_kb="2048" type="A053AA7F-40B8-4B1C-BA08-2F68AC71A4F4" bootable="false" readonly="false" filename="tz.mbn"/>
  <partition label="tz_b" size_in_kb="2048" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="tz.mbn"/>
  <partition label="devcfg_a" size_in_kb="256" type= "F65D4B16-343D-4E25-AAFC-BE99B6556A6D" bootable="false" readonly="false" filename="devcfg.mbn"/>
  <partition label="devcfg_b" size_in_kb="256" type= "77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="devcfg.mbn"/>
  <partition label="dsp_a" size_in_kb="16384" type="EBD0A0A2-B9E5-4433-87C0-68B6B72699C7" bootable="false" readonly="false" filename="adspso.bin"/>
  <partition label="dsp_b" size_in_kb="16384" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="adspso.bin"/>
  <partition label="modemst1" size_in_kb="1536" type="EBBEADAF-22C9-E33B-8F5D-0E81686A68CB" bootable="false" readonly="false" filename=""/>
  <partition label="modemst2" size_in_kb="1536" type="0A288B1F-22C9-E33B-8F5D-0E81686A68CB" bootable="false" readonly="false" filename=""/>
  <partition label="DDR" size_in_kb="32" type="20A0C19C-286A-42FA-9CE7-F64C3226A794" bootable="false" readonly="true"/>
  <partition label="fsg" size_in_kb="1536" type="638FF8E2-22C9-E33B-8F5D-0E81686A68CB" bootable="false" readonly="true" filename=""/>
  <partition label="sec" size_in_kb="16" type="303E6AC3-AF15-4C54-9E9B-D9A8FBECF401" bootable="false" readonly="true" filename=""/>
  <partition label="splash" size_in_kb="11264" type="20117f86-E985-4357-B9EE-374BC1D8487D" bootable="false" readonly="false" filename="splash.img"/>
  <partition label="aboot_a" size_in_kb="3072" type="400FFDCD-22E0-47E7-9A23-F16ED9382388" bootable="false" readonly="true" filename="emmc_appsboot.mbn"/>
  <partition label="aboot_b" size_in_kb="3072" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="emmc_appsboot.mbn"/>
  <partition label="dtbo_a" size_in_kb="8192" type="24d0d418-d31d-4d8d-ac2c-4d4305188450" bootable="false" readonly="true" filename="dtbo.img"/>
  <partition label="dtbo_b" size_in_kb="8192" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="dtbo.img"/>
  <partition label="vbmeta_a" size_in_kb="64" type="4b7a15d6-322c-42ac-8110-88b7da0c5d77" bootable="false" readonly="true" filename="vbmeta.img"/>
  <partition label="vbmeta_b" size_in_kb="64" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="vbmeta.img"/>
  <partition label="boot_a" size_in_kb="65536" type="20117F86-E985-4357-B9EE-374BC1D8487D" bootable="false" readonly="true" filename="boot.img"/>
  <partition label="boot_b" size_in_kb="65536" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="boot.img"/>
  <partition label="devinfo" size_in_kb="1024" type="1B81E7E6-F50D-419B-A739-2AEEF8DA3335" bootable="false" readonly="true" filename=""  sparse="true"/>
  <partition label="system_a" size_in_kb="3145728" type="97D7B011-54DA-4835-B3C4-917AD6E73D74" bootable="false" readonly="true" filename="system.img" sparse="true"/>
  <partition label="system_b" size_in_kb="3145728" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="system.img" sparse="true"/>
  <partition label="vendor_a" size_in_kb="1048576" type="97D7B011-54DA-4835-B3C4-917AD6E73D74" bootable="false" readonly="true" filename="vendor.img" sparse="true"/>
  <partition label="vendor_b" size_in_kb="1048576" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="vendor.img" sparse="true"/>
  <partition label="persist" size_in_kb="32768" type="6C95E238-E343-4BA8-B489-8681ED22AD0B" bootable="false" readonly="false" filename="" />
  <partition label="misc" size_in_kb="1024" type="82ACC91F-357C-4A68-9C8F-689E1B1A23A1" bootable="false" readonly="false" filename="" />
  <partition label="keystore" size_in_kb="512" type="DE7D4029-0F5B-41C8-AE7E-F6C023A02B33" bootable="false" readonly="false" filename="" />
  <partition label="prodinfo" size_in_kb="2048" type="21130059-3BE9-441A-A9A8-64A3A62B1A32" bootable="false" readonly="false" filename=""/>
  <partition label="config" size_in_kb="32" type="91b72d4d-71e0-4cbf-9b8e-236381cff17a" bootable="false" readonly="false" filename="config.bin" />
  <partition label="oem" size_in_kb="262144" type="7db6ac55-ecb5-4e02-80da-4d335b973332" bootable="false" readonly="false" filename="" />
  <partition label="limits" size_in_kb="32" type="10A0C19C-516A-5444-5CE3-664C3226A794" bootable="false" readonly="true"/>
  <partition label="mota" size_in_kb="512" type="EBD0A0A2-B9E5-4433-87C0-68B6B72699C7" bootable="false" readonly="false" filename=""/>
  <partition label="dip" size_in_kb="1024" type="4114B077-005D-4E12-AC8C-B493BDA684FB" bootable="false" readonly="false" filename=""/>
  <partition label="mdtp_a" size_in_kb="32768" type="3878408A-E263-4B67-B878-6340B35B11E3" bootable="false" readonly="false" filename="mdtp.img"/>
  <partition label="mdtp_b" size_in_kb="32768" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="mdtp.img"/>
  <partition label="syscfg" size_in_kb="512" type="098DF793-D712-413D-9D4E-89D711772228" bootable="false" readonly="false" filename=""/>
  <partition label="mcfg" size_in_kb="4096" type="EBD0A0A2-B9E5-4433-87C0-68B6B72699C7" bootable="false" readonly="false" filename=""/>
  <partition label="lksecapp_a" size_in_kb="128" type="A11D2A7C-D82A-4C2F-8A01-1805240E6626" bootable="false" readonly="true" filename="lksecapp.mbn"/>
  <partition label="lksecapp_b" size_in_kb="128" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="lksecapp.mbn"/>
  <partition label="cmnlib_a" size_in_kb="1024" type="73471795-AB54-43F9-A847-4F72EA5CBEF5" bootable="false" readonly="true" filename="cmnlib_30.mbn"/>
  <partition label="cmnlib_b" size_in_kb="1024" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="cmnlib_30.mbn"/>
  <partition label="cmnlib64_a" size_in_kb="1024" type="8EA64893-1267-4A1B-947C-7C362ACAAD2C" bootable="false" readonly="true" filename="cmnlib64_30.mbn"/>
  <partition label="cmnlib64_b" size_in_kb="1024" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="cmnlib64_30.mbn"/>
  <partition label="keymaster_a" size_in_kb="1024" type="E8B7CF6E-5694-4627-8A2A-899B09F2DBEA" bootable="false" readonly="true" filename="km4.mbn"/>
  <partition label="keymaster_b" size_in_kb="1024" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="true" filename="km4.mbn"/>
  <partition label="apdp" size_in_kb="256" type="E6E98DA2-E22A-4D12-AB33-169E7DEAA507" bootable="false" readonly=" false" filename=""/>
  <partition label="msadp" size_in_kb="256" type="ED9E8101-05FA-46B7-82AA-8D58770D200B" bootable="false" readonly="false" filename=""/>
  <partition label="dpo" size_in_kb="8" type="11406F35-1173-4869-807B-27DF71802812" bootable="false" readonly="false" filename=""/>
  <partition label="logdump" size_in_kb="65536" type="5AF80809-AABB-4943-9168-CDFC38742598" bootable="false" readonly="false" filename="" />
  <partition label="frp" size_in_kb="512" type="8FA2AD2C-27DF-4B49-8C33-2DDD968078BE" bootable="false" readonly="false" filename="frp.bin"/>
  <partition label="product_a" size_in_kb="131072" type="9D72D4E4-9958-42DA-AC26-BEA7A90B0434" bootable="false" readonly="false" filename="product.img" sparse="true"/>
  <partition label="product_b" size_in_kb="131072" type="77036CD4-03D5-42BB-8ED1-37E5A88BAA34" bootable="false" readonly="false" filename="product.img" sparse="true" />
  <partition label="userdata" size_in_kb="2658048" type="1B81E7E6-F50D-419B-A739-2AEEF8DA3335" bootable="false" readonly="false" filename="userdata.img" sparse="true"/>

kolAflash · March 18, 2021, 11:22am

The release notes for the IMG-e-0.15-q-20210316105636-dev-FP3.zip update I’m using say, it has the stock update 3.A.077 imported. So I guess I shouldn’t expect anything newer than December 2020.

Nevertheless I still like to know if all those partitions get somehow updated by e/OS in general.
Does this maybe happen after the first post update boot when there’s the completing update notification?

And I still like to know when the “Vendor security patch level” is expected to raise when using e/OS

rainwalker · March 24, 2022, 9:31pm

Do these vendor firmware security patches supplied via an /e/ update only occur for certain phones, such the fairphone?

I have a moto g7 plus. Will I get the vendor firmware updates via /e/?

Thanks