In the past months, I have had two instances of HOTP failed on boot. When this has happened I’ve reflashed the ROM and created new keys on the Librem key to sign the bootloader.
What could be causing this to happen? has my machine been compromised? or are there other known reasons for HOTP failure?
counter of HOTP for system is being stored on /boot , if you deleted/modified it it will fail to red
HOTP on key - if you triggered HOTP manually / or triggered app to check hotp secret internal counter on key would increase, so will mismatch counter on system.
faulty memory module can trigger.
What i can advise is try to look closely what PureBOOT display on boot. setup TOTP as additional factor to verify if problem is with key, or actually with system.
Steps to take:
make sure system time is right
regenerate TOTP/HOTP secret - while this proces is being performed QR code for auth app like Google Authentication is visible on screen, scan it with your favorite Auth app
on boot , always fallback to menu and do comparison of TOTP
always read reason visible in menu why HOTP/TOTP failed.
Please report back what kind of messages you are seeing. More Precise information easier will be to find issue you are facing.