FP6: Unable to lock bootloader

Installation Help
1

Hello everyone,
I tried to install iodéOS 7.5 on a Fairphone 6 via fastboot.
The Fairphone had Android 15 installed, with a build from February.
Unlocking the bootloader and installing iodéOS went smoothly.
However, when I try to lock the bootloader afterward, I get a corrupt device:
“Your device is corrupt, it can’t be trusted and will not boot”.
Fortunately, I was able to unlock the bootloader again, but the iodéOS installation was no longer bootable.
A fresh installation with the bootloader unlocked is bootable, and iodéOS runs without any issues.
But every time I try to lock the bootloader, I end up with a corrupted device.
Unfortunately, I’m no longer sure what security patch level FairphoneOS had. Probably from February…
iodéOS 7.5 has Android security updates from April and a vendor security patch level from December. Is the latter the problem here?
Does anyone have any ideas on what I could do to close the bootloader?
I’m grateful for any constructive suggestions.

:germany:

Hallo zusammen,
ich habe versucht iodéOS 7.5 auf ein Fairphone 6 per fastboot zu installieren.
Auf dem Fairphone war Android 15 mit einer Version von Februar installiert.
Die Öffnung des Bootloaders und auch die Installation von iodéOS liefen problemlos.
Allerdings, wenn ich versuche den Bootloader im Anschluss zu schließen, dann erhalte ich ein korruptes Gerät:
“Your device is corrupt, It can’t be trusted and will not boot”.
Zum Glück ließ sich der Bootloader wieder öffnen, aber die iodéOS-Installation war nicht mehr bootbar.
Eine Neuinstallation mit offenem Bootloader ist bootbar und iodéOS läuft auch ohne Probleme.
Aber jedes Mal, wenn ich versuche den Bootloader zu schließen, erhalte ich ein korruptes Gerät.
Ich bin jetzt leider nicht mehr sicher, welche Security Patch Level das FairphoneOS hatte. Vermutlich vom Februar…
Das iodéOS 7.5 hat Android Security Updates von April und ein Vebdor security patch level von Dezember. Ist letzteres ds Problem hier?
Hat jemand eine Idee, was ich tun könnte, um den Bootloader zu schließen?
Ich bin für alle konstruktiven Ideen dankbar.

1 Like
2

Let me check with our lead developer. The December vendor security patch level is the most recent for the FP6 still I believe.

UPDATE: I got confirmation that Fairphone DID release an updated vendor security patch, so that is why re-locking is not working. This updated patch is not yet integrated in the LineageOS build that iodéOS is based on. So, unfortunately, if that security patch was part of your previous install you will need to wait for another month until it is incorporated in the iodéOS builds until you can re-lock the bootloader (when you re-lock, your userdata will be reset so you will need to then restore a backup). You can follow the commits here to see when the security patch gets applied: Commits · v7-staging · os / public / devices / fairphone / device_fairphone_FP6 · GitLab

3

Thanks @rik for the confirmation.

It’s a bummer that I now have to wait (hopefully just) another month, but I’ll use the time to come up with a plan for how best to transfer my data from my old smartphone. For that, I’m going to take a closer look at Seedvault…
I’ll let you know if the next update has fixed my bootloader issue.
So, see you in a month… :wink:

1 Like
4

Please make sure to disable auto-updates of FairphoneOS or you may just keep jumping yourself 1 commit newer than the new iodéOS release next month :slight_smile:

5

Hey there, I have been trying to relock the bootloader on my FP6 unsuccessfully for a while now and the message “Your device is corrupt, it can’t be trusted and will not boot” you received while you were trying to relock the bootloader is an indication that the FRP was triggered. I got mine triggered when I attempted to flash iodeOS 7.4 on a device running /e/OS. waiting a month and flashing iodeOS 7.5 on it did not solve the problem either. So using an LLM, I ran a troubleshooting session and received following diagnosis and recommendation:

Based on your details, this is very likely an Android rollback protection / security patch level problem, not a bad flash.

The key clues are:

  • fastboot flashing lock fails immediately

  • the phone returns to fastboot with “device is corrupt”

  • you can still unlock and boot iodéOS again

  • you came from /e/OS

  • FP6 has strict rollback protection

  • this exact pattern has already happened to other FP6 users on iodéOS and /e/OS (Fairphone Support)

What is probably happening:

  • Your previous /e/OS installation had a newer rollback index / security patch level than the iodéOS build you flashed.

  • When the bootloader is unlocked, Android allows booting anyway.

  • The moment you try to relock, Android Verified Boot (AVB) enforces rollback protection and rejects the installed system as “corrupt”.

The important thing is:
you are NOT hard-bricked because get_unlock_ability: 1 still works.

The most likely fix

You need to first install a firmware/base system with a security patch level equal to or newer than the one your phone previously saw.

Because you do not remember the /e/OS patch level, the safest approach is:

  1. Flash the newest official Fairphone OS available for FP6

  2. Boot it once completely

  3. Update it fully through OTA

  4. Unlock again

  5. Reflash the newest iodéOS build

  6. Then relock

This usually resets the rollback mismatch chain safely.

Recommended recovery sequence

Step 1 — Return to latest stock Fairphone OS

Download the newest FP6 factory image from Fairphone Support

Then flash it completely.

VERY important:

  • do NOT skip any partitions

  • do NOT keep userdata

  • let the official flashing script handle both slots

Step 2 — Fully boot stock OS

After flashing:

  • boot into Android normally

  • complete setup

  • connect to Wi-Fi

  • install ALL available OTA updates

  • reboot until no more updates remain

You want the newest possible:

  • Android security patch

  • vendor patch

  • bootloader firmware

This matters because FP6 rollback protection appears tied to vendor SPL too. (/e/OS community)

Step 3 — Verify patch level

In Android:
Settings → About phone

Check:

  • Android security update

Make note of it.

Step 4 — Unlock again

Enable:

  • OEM unlocking

  • USB debugging

Then:

adb reboot bootloader

fastboot flashing unlock

fastboot flashing unlock_critical

Step 5 — Reflash iodéOS

Use your:
iode-7.5-20260506-FP6-fastboot

This is newer than the early problematic FP6 iodé builds. (iodé community)

Step 6 — BEFORE locking

Boot iodéOS fully once.

Then check:

adb shell getprop ro.build.version.security_patch

If it is older than the stock Fairphone patch you installed in Step 2, DO NOT LOCK.

Step 7 — Lock correctly

Then do:

adb reboot bootloader

fastboot flashing lock_critical

IMPORTANT:
When the phone reboots:

  • immediately hold Volume Down

  • return to fastboot

Then:

fastboot flashing lock

This order matters on FP6. (Fairphone Support)

One more important thing

Your output shows:

slot-successful:b:no

slot-successful:a:yes

That is not automatically bad, but it suggests slot B may never have been fully booted after flashing.

If the problem persists after the stock-update procedure, the next thing I would investigate is whether the iodé installer only populated slot A correctly and left slot B inconsistent for AVB verification during relock.

If you get to that point, I can walk you through checking:

  • active/inactive slot contents

  • AVB metadata

  • vbmeta signatures

  • rollback indexes

  • slot synchronization

without risking a hard brick.

*At this point, though, the rollback/SPL mismatch explanation is by far the most probable cause.
*
On my FP6 I have paused at Step 4 in the above Recovery Sequence because FairphoneOS latest build for FP6 (FP6.QREL.16.61.0) has an Android Security Update dated April 5, 2026 which is newer than the April 1, 2026 Android Security Update for iodeOS 7.5.

So, I will wait another month and give it another try again once more with iodeOS 7.6. If that attempt triggers the FRP again then I will look to install some other OS on my FP6 frankly as my current phone is barely holding charge to get me a through an entire day. Hope this helps as in the above proposed solution by @rik, he is not expressly asking you to go back to Fairphone OS to unroll the FRP back. If you remain on iodeOS after the FRP is trigerred, you may not be able lock the bootloader even with a newer version of iodeOS, at least that was my experience…*
*

Back from de dead -> the next episode of my journey to install iodeOS on FP6
6

Thanks for all the input. I still have a few questions, though:

  1. Is it really important to go back and flash FairphoneOS?
    To “clean up the system,” so to speak?
  2. Or should it be enough to flash a newer version of iodéOS with a higher security patch level?
    (I’m currently using iodéOS 7.5 with an unlocked bootloader for testing purposes until the next update.)
  3. Do I need to have a locked system before the next attempt? As a sort of reset before going through the iodéOS installation process again?
  4. If installing FairphoneOS is recommended, how important is it to install the latest (OTA) updates after installation?
    Couldn’t that result in an too high security patch level for iodéOS 7.6 again?

Thanks in advance!

7
  1. Yes, when I flashed the latest Fairphone OS, a confirmation message indicates that if you proceed with flashing FRP will be removed/reset.
  2. I already tried this method while updating via OAT from 7.4 to 7.5. Did not work for me. Flashing 7.5 via fastboot did not make a difference either.
  3. I do not think soI think the key is to break the cycle by installing the latest Fairphone OS build.I have yet to test this step my self though.
  4. My understanding is installing the latest build is the way to to undo/reset the FRP. I also tried installing the Feb build of Fairphone OS and that did not do the trick presumably because what had triggered the FRP had a later android security patch date.

I hope to break out of the FRP trigger cycle with my next attempt I will have to wait for May android security patch come through first. Hope this helps…

8

The reason the FP 4,5,6 were removed from the graphical installer was specifically to reset FRP since before that FPOS users were getting in trouble that way. But FRP is triggered by not removing a Google Account before reflashing, it is NOT the same as ARB (“Anti-RollBack Protection”) which is what I think you are dealing with (this is what “prevents” rolling back to an older vendor security patch).

The newest Fairphone OS now includes a May 2026 “vendor security update” that is not yet released for their LineageOS port, so yet again you will need to wait another month if you put that newest FPOS on your device before the iodéOS version catches up and will not trigger ARB. Sorry.

9

To be honest, I’m a little uncertain right now about what to do when iodéOS 7.6 comes out in June.
I never had a Google account logged in on my FP6 (FPOS with Android 15 dated February, if I remember correctly).
When I first started it up, I actually skipped everything and just checked the general device functions.
After that, I tried installing iodéOS 7.5. And that’s still the current status: iodéOS 7.5 with an unlocked bootloader.

In your opinion, what steps should I take when iodéOS 7.6 comes out?

Thanks in advance!

FYI: Fairphone currently offers these releases for download on their support page:

Android 15

Version: FP6.QREL.15.178.0
Release Date: 05 March 2026
Security Patch: 05 February 2026

Android 16

Version: FP6.QREL.16.48.0
Release Date: 16 March 2026
Security Patch: 05 February 2026

Version: FP6.QREL.16.61.0
Release Date: 28 April 2026
Security Patch: 05 April 2026

10

@rik thanks for correcting my understanding. It should be the trigger of ARB not FRP causing my issues. But, I think I am still going to stick with following the recovery sequence as it states “The moment you try to relock, Android Verified Boot (AVB) enforces rollback protection and rejects the installed system as “corrupt”.”

As for the May FPOS, I will not install it. FP6 is not my daily driver yet. So it is turned off and tucked away in a drawer. Besides, I do not have any other idea to try now…