Recently received my Librem Mini with Pure OS. After my first restart I am getting this message upon startup: “Failed Default Boot, Starting Recovery Shell” and the system won’t boot. I found another thread on this and this was the recommended solution:
Wait for the system to ask you to insert your Librem Key, press ENTER (do not insert the Key yet)
You will get into PureBoot menu, NOW insert BOTH your Librem Key and your Librem Vault (gold USB drive)
Select Options → Update checksums and sign all files in /boot
If the system asks you to “UNLOCK YOUR GPG CARD”, this means you need to type in your Librem Key USER PIN
Default USER PIN is 123456 (if you haven’t changed it), type it in and press ENTER (there will be NO characters shown on the screen while typing your PIN, don’t let that confuse you)
When I follow these instructions and get to the part where I am supposed to enter the PIN I am getting stuck. I enter the default PIN of 123456 (I never changed it so it should be the default) and I get the following message:
I am completely stuck at this point and don’t know how to proceed. I apologize in advance as I am a first time linux user and may have a bit of a steep learning curve. Thank you.
This happened because you entered incorrect PIN too many times. You now need to skip checks to boot into your system, then unblock the PIN and restart and re-sign boot files.
Detailed steps:
Restart (ctrl+alt+del)
Don’t insert Librem Key, press ENTER to show main PureBoot menu
From the main PureBoot menu select Options → Boot options → Ignore tamper and boot → Continue → select first option and press ENTER to boot
A textual prompt at the red screen will ask you to type your disk encryption password, type it in and press ENTER
When you boot into your system:
Insert your Librem Key
Open Terminal app
Type this command and press ENTER:
gpg --card-edit
You will see this prompt:
gpg/card>
Type admin and press ENTER, you should get output: “Admin commands are allowed”
You will be asked to enter ADMIN PIN. Type 12345678 (this is default ADMIN PIN if you haven’t changed it) and press ENTER.
You will NOT see any character feedback while typing the PIN, don’t let that confuse you, just type it and press ENTER.
You will be then asked to type new PIN. You can use default one (123456) or use something else (recommended) but MAKE SURE TO REMEMBER IT AS USER PIN. Press ENTER when you type it in.
You will be asked to confirm the new PIN, enter it again and press ENTER.
Thanks so much for your reply. Unfortunately I have reached another roadblock. I got to the point where I entered my disk encryption password, which worked. However, when I am asked for my user password, I am stuck. I don’t remember choosing a user password, and none of my usual passwords are working. Is there a default user password? If not, what can I do at this point?
Edit: I looked up and tried using the normal way of changing the user password, but because of my initial problem of booting (Failed Default Boot, Starting Recovery Shell) I am unable to change the password this way. Just to be clear, I do have my disk encryption password, I just don’t have my user password. Thank you in advance.