Hotp fail red screen on boot

In the past months, I have had two instances of HOTP failed on boot. When this has happened I’ve reflashed the ROM and created new keys on the Librem key to sign the bootloader.

What could be causing this to happen? has my machine been compromised? or are there other known reasons for HOTP failure?

more than one probable reasons:

  1. counter of HOTP for system is being stored on /boot , if you deleted/modified it it will fail to red
  2. HOTP on key - if you triggered HOTP manually / or triggered app to check hotp secret internal counter on key would increase, so will mismatch counter on system.
  3. faulty memory module can trigger.

What i can advise is try to look closely what PureBOOT display on boot. setup TOTP as additional factor to verify if problem is with key, or actually with system.
Steps to take:

  1. make sure system time is right
  2. regenerate TOTP/HOTP secret - while this proces is being performed QR code for auth app like Google Authentication is visible on screen, scan it with your favorite Auth app
  3. on boot , always fallback to menu and do comparison of TOTP
  4. always read reason visible in menu why HOTP/TOTP failed.

Please report back what kind of messages you are seeing. More Precise information easier will be to find issue you are facing.

Ok great thank you. It just did it again so have generated a new TOTP/HOTP secret and scanned the QR code into my auth app this time.

How do I check to make sure the system time is correct?

drop emergency shell
invoke date command with no parameters.