this post was submitted on 08 Apr 2026
7 points (88.9% liked)

postmarketOS

223 readers
15 users here now

postmarketOS - a real Linux distribution for phones and other mobile devices 🐧 πŸ“± πŸ‘©β€πŸ’»

Rules:

See also:

founded 9 months ago
MODERATORS
JustSoup321@lemmy.world
ollieparanoid@lemmy.world
achill@lemmy.world
PureTryOut@lemmy.world
7
Locking the bootloader (sh.itjust.works)
submitted 1 week ago by med@sh.itjust.works to c/postmarketos@lemmy.world
9 comments fedilink hide all child comments
 

I've been looking through the documentation and installation guides for PostmarketOS, and I've noticed there seems to be no mention of locking the bootloader after flashing.

Is that because there's no issue with doing so, or because you can't?

I'm looking at installing on a Fairphone 5, but anyone with any device that's able to share their experience would be appreciated.

top 9 comments
sorted by: hot top controversial new old
[–] PureTryOut@lemmy.world 2 points 5 days ago

That's not a supported setup or possible atm.

[–] moonpiedumplings@programming.dev 5 points 1 week ago (1 children)

Only pixels let you relock the bootloader after flashing.

Frustratingly, grapheneos only supports pixels because of that.

[–] erebion@news.erebion.eu 1 points 1 week ago* (last edited 1 week ago) (1 children)

That's just plain wrong. Some others also allow it, for example: you could lock a Fairphone.

[–] med@sh.itjust.works 1 points 1 week ago (1 children)

After installing a different os? So if I installed PostmarketOS, could I lock the bootloader? After looking in to it more, it seems like a pretty clear no.

[–] erebion@news.erebion.eu 1 points 1 week ago (1 children)

postmarketOS does not seem to have implemented Android Verified Boot yet and I am not aware of Linux distros that do it.

Have a look at iodΓ©OS, CalyxOS, GrapheneOS if you want that, at least for now.

[–] med@sh.itjust.works 1 points 1 week ago* (last edited 1 week ago) (1 children)

I have Graphene, and I'll be sticking with it for now.

I think my next step will have to be getting involved with implementing verified boot, because unless every phone suddenly starts shipping with TPMs and open bootloaders, I won't ever be able to switch.

Finding a starting point is half the battle I guess!

[–] erebion@news.erebion.eu 1 points 1 week ago

There's definitely enough to do, so if you want to contribute in that area, it'd be MUCH appreciated. :)

[–] oddsys@lemmy.world 1 points 1 week ago* (last edited 1 week ago) (1 children)

My experience with the FP4 is you can only lock the bootloader with a couple of "official" distro's. And even then there are conditions where this can go bad.

I can use the default factory version provided by fairphone, I can use e/os.

While I can install and use postmarketos or a lineage image, I can't lock the bootloader without turning it into a brick. I believe it is to do with boot partition signing by the CPU manufacturer and the android bootloader checking it.

[–] hornedfiend@piefed.social 1 points 1 week ago

i think it's simpler than that. It merely stores the latest security update you had when you locked your bootloader and doesn't allow you to rollback to an earlier version,but anything newer - regardless of the ROM being official or eOS/iodΓ© , would allow you to relock it.

TLDR: flashing ROM security patch version > your existing security patch version.