How to Reset Pure Boot after Librem Key expired


My keys for my Librem key expired. I tried doing a factory reset and then following the instructions here:

I can’t get it to work by creating new keys and doing a re-flash. Do you know how I proceed? I can only boot by bypassing the security and being “unsafe.”

Is there a better source of documentation on how to proceed?

I spent two hours trying to do this with the manuals and looking through here. I can’t get anywhere. Any help appreciated.

I was able to get this to work just now, but only by generating the keys on the Librem Key itself. This is “Generate GPG Subkeys on The Librem Key” in the instructions. I guess this isn’t the end of the world, but you can perhaps note this as a potential problem for others… Ideally, I would not have done it this way and done it the main way as described in the instructions.

If there was an expiry, it sounds like you used a personal GPG key that you put on the Librem Key? (like maybe one for email or something like that?)

If that is the case, then when your GPG key expired, you would update the expiry for your private keys, and then you would need to generate a new GPG public key that corresponds to it (that also shows the new expiry) and upload it to any key servers you use, if this is a key you use publicly, so others can refresh their keyrings with the new public key.

In addition you need to replace the corresponding public key that’s in PureBoot’s GPG keyring, with an updated version. We document how to do that here: