Forgot both PINs to my Librem Key

I haven’t used my Librem Key in a long time and have forgotten both my User and Admin PINs. Is the key a total loss or is there a way to reset it?

I’m still using the key to boot my laptop, that works fine. I can’t, however, re-sign my /boot files without the key’s User PIN.

If I can reset the key, will I need to wipe my laptop too or is there a way to remove the boot-time key requirement, reset the key, and then re-enable the boot-time key requirement?

There isn’t anything of value on the laptop so I don’t mind wiping it if needed.

Any help is appreciated. Cheers.

See section for factory reset of keys.

Clarification: without both pins the keys are worthless but the physical smartcard can be reset with new keys.

If you have backups of your keys you can restore them to the card.

Of note. When creating keys on the computer to put on the librem key the guide says to use
gpg --gen-key

I prefer:
gpg --full-generate-key

This let’s you specify a 4096 key

Thanks for the info.

After I do a Factory Reset on the Librem Key will I still be able to boot my laptop with it?

You’ll have to copy your public key to a USB, import it to pureboot, reset the TPM and resign the boot partition

So, for the people as confused/in-over-their-heads as me I did the following to successfully reset my Librem Key AND retain access to my existing OS installation:
At the PureBoot Main Menu:

  1. Options -->
  2. OEM Factory Reset -->
  3. Insert a USB thumbdrive and hit Continue
  4. Follow the prompts
  5. Reboot
  6. Follow the prompts to create new secrets
1 Like