You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
when trying to sign boot and the public key fused in firmware doesn't match the private key on your usb security dongle you get a non descriptive error from gpg
gpg: error running '//bin/dirmngr': probably not installed
gpg: failed to start dirmngr '//bin/dirmngr': Configuration error
gpg: can't connect to the dirmngr: Configuration error
gpg: no default secret key: No dirmngr
gpg: signing failed: No durmngr
Describe the solution you'd like
handeling the error from heads side and give the user more
Describe alternatives you've considered
asking in heads matrix room for help
user1: "You need to do a OEM Factory-reset/ Re-Onwership, or inject matching public key to private key safeguarded in USB Security dongle"
user2: "aha i see ok thanks i got confused because i skipped step 3 on the osresearch page because i thought i wanted to install the os before i configure the keys"
user1: "This is an example of not match. The public key fused in firmware doesn't match signature private subkey in usb security dongle."
bash-5.1# gpg --list-keys
//.gnupg/pubring.kbx
--------------------
pub nistp256 2025-02-07 [SC]
B36C3AF93E77040FD734888F52AE39F01E5F8D8E
uid [ultimate] OEM Key (OEM-generated key) <[email protected]>
sub nistp256 2025-02-07 [A]
sub nistp256 2025-02-07 [E]
bash-5.1# gpg --card-status
Reader ...........: 20A0:42B2:X:0
Application ID ...: D276000124010304000FF36525100000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: F3652510
Name of cardholder: Laurion Thierry
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa3072 rsa3072 rsa3072
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 687
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: 575F 80D1 599E A6D2 C70A A9A1 9A53 E1BB 3FF0 0461
created ....: 2023-12-21 18:13:47
Encryption key....: 4918 12E4 9F57 F375 D68A A481 CEB2 9E29 6647 9069
created ....: 2023-12-21 18:13:48
Authentication key: 40DE 5D70 C7DA B5B5 C986 7FF4 BA61 2AAA A0B0 DD8E
created ....: 2023-12-21 18:13:49
General key info..: [none]
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
when trying to sign boot and the public key fused in firmware doesn't match the private key on your usb security dongle you get a non descriptive error from gpg
Describe the solution you'd like
handeling the error from heads side and give the user more
Describe alternatives you've considered
asking in heads matrix room for help
Additional context
conversation from heads matrix room
notable messages:
user1: "You need to do a OEM Factory-reset/ Re-Onwership, or inject matching public key to private key safeguarded in USB Security dongle"
user2: "aha i see ok thanks i got confused because i skipped step 3 on the osresearch page because i thought i wanted to install the os before i configure the keys"
user1: "This is an example of not match. The public key fused in firmware doesn't match signature private subkey in usb security dongle."
The text was updated successfully, but these errors were encountered: