Librem Mini - Failed Default Boot, Starting Recovery Shell

Recently received my Librem Mini with Pure OS. After my first restart I am getting this message upon startup: “Failed Default Boot, Starting Recovery Shell” and the system won’t boot. I found another thread on this and this was the recommended solution:


You probably did not update checksums after system update, as described in our documentation: https://docs.puri.sm/PureBoot/GettingStarted.html#first-reboot

You can see what that process looks like: https://puri.sm/posts/pureboot-bundle/

What you need to do now:

  1. Restart (ctrl+alt+del)
  2. Wait for the system to ask you to insert your Librem Key, press ENTER (do not insert the Key yet)
  3. You will get into PureBoot menu, NOW insert BOTH your Librem Key and your Librem Vault (gold USB drive)
  4. Select Options → Update checksums and sign all files in /boot
  5. If the system asks you to “UNLOCK YOUR GPG CARD”, this means you need to type in your Librem Key USER PIN
  6. Default USER PIN is 123456 (if you haven’t changed it), type it in and press ENTER (there will be NO characters shown on the screen while typing your PIN, don’t let that confuse you)

When I follow these instructions and get to the part where I am supposed to enter the PIN I am getting stuck. I enter the default PIN of 123456 (I never changed it so it should be the default) and I get the following message:

gpg: signing failed: PIN blocked
gpg: signing failed: PIN blocked
Please unlock the card

I am completely stuck at this point and don’t know how to proceed. I apologize in advance as I am a first-time Linux user and may have a bit of a steep learning curve. Thank you.

Hello,

This happened because you entered an incorrect PIN too many times. You now need to skip checks to boot into your system, then unblock the PIN, restart and re-sign the boot files.

Detailed steps:

  1. Restart (ctrl+alt+del)
  2. Don’t insert Librem Key, press ENTER to show main PureBoot menu
  3. From the main PureBoot menu select Options → Boot options → Ignore tamper and boot → Continue → select first option and press ENTER to boot
  4. A textual prompt at the red screen will ask you to type your disk encryption password, type it in and press ENTER

When you boot into your system:

  1. Insert your Librem Key

  2. Open Terminal app

  3. Type this command and press ENTER:

gpg --card-edit

  4. You will see this prompt:

gpg/card>

Type admin and press ENTER, you should get output: “Admin commands are allowed”

  5. Then type:

passwd

  6. You will be asked:

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection?

Type 2 and press ENTER.

  7. You will be asked to enter ADMIN PIN. Type 12345678 (this is default ADMIN PIN if you haven’t changed it) and press ENTER.

You will NOT see any character feedback while typing the PIN, don’t let that confuse you, just type it and press ENTER.

  8. You will then be asked to type new PIN. You can use default one (123456) or use something else (recommended) but MAKE SURE TO REMEMBER IT AS USER PIN. Press ENTER when you type it in.

  9. You will be asked to confirm the new PIN, enter it again and press ENTER.

  10. You will now see:

PIN unblocked and new PIN set.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection?

Press Q to exit to main menu.

  11. You will see this prompt again:

gpg/card>

Type quit and press ENTER and that’s it.

Then restart to get into PureBoot menu and perform re-sign of boot files, like those instructions you posted above suggest.

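Added example (not part of the original posts or of Purism's documentation): the "PIN blocked" error above means the user PIN's retry counter has reached 0, and gpg --card-status reports the counters for the user PIN, Reset Code and Admin PIN on its "PIN retry counter" line. The script below parses that line to show whether the Admin PIN unblock described in the reply is still possible; the function name pin_status, its exit codes and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: read OpenPGP card PIN retry counters from `gpg --card-status` text.
# Real use (with the Librem Key inserted):  gpg --card-status | pin_status

# pin_status reads card-status text on stdin and prints what each counter means.
# Exit codes (assumed convention for this example):
#   0 = user PIN usable
#   1 = user PIN blocked, Admin PIN can still unblock it (passwd -> 2)
#   2 = user PIN and Admin PIN both blocked
#   3 = counter line missing or malformed
pin_status() {
    line=$(grep -i '^PIN retry counter' | head -n 1)
    [ -n "$line" ] || { echo "no 'PIN retry counter' line found"; return 3; }

    # The three numbers after the colon are: user PIN, Reset Code, Admin PIN.
    set -- ${line#*:}
    [ "$#" -eq 3 ] || { echo "unexpected counter format: $line"; return 3; }
    for n in "$@"; do
        case $n in ''|*[!0-9]*) echo "non-numeric counter: $n"; return 3 ;; esac
    done
    user=$1; reset=$2; admin=$3

    echo "attempts left: user PIN=$user, Reset Code=$reset, Admin PIN=$admin"
    if [ "$user" -gt 0 ]; then
        echo "user PIN is usable; signing /boot should prompt normally"
        return 0
    elif [ "$admin" -gt 0 ]; then
        echo "user PIN is blocked; unblock it with the Admin PIN ($admin attempts left)"
        return 1
    else
        echo "user PIN and Admin PIN are both blocked; the unblock step cannot work"
        return 2
    fi
}

# Constructed sample: excerpt shaped like card-status output after three wrong
# user PIN entries. It is not captured from a real device.
SAMPLE_BLOCKED='Max. PIN lengths .: 64 64 64
PIN retry counter : 0 0 3
Signature counter : 0'

printf '%s\n' "$SAMPLE_BLOCKED" | pin_status || echo "(exit code $?)"
```

Running it before typing a PIN shows how many attempts remain, so a mistyped Admin PIN is not repeated until that counter also reaches 0.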

Thanks so much for your reply. Unfortunately I have reached another roadblock. I got to the point where I entered my disk encryption password, which worked. However, when I am asked for my user password, I am stuck. I don’t remember choosing a user password, and none of my usual passwords are working. Is there a default user password? If not, what can I do at this point?

Edit: I looked up and tried using the normal way of changing the user password, but because of my initial problem of booting (Failed Default Boot, Starting Recovery Shell) I am unable to change the password this way. Just to be clear, I do have my disk encryption password, I just don’t have my user password. Thank you in advance.

Just wanted to say thank you for this post. It got me out of the same situation and was very helpful.
