Lost Librem Key PINs?

After updating my PureBoot firmware to 18.1 to fix the security issue I was prompted to generate new TOTP/HOTP secrets, and was prompted to enter a Librem Key admin PIN to do this. I had previously changed my PINs from the defaults but the new PINs I had replaced them with did not work (always “wrong PIN” error). So I searched this forum and found a post recommending to OEM Factory Reset the Librem Key to get the default PINs back: Forgot both PINs to my Librem Key

After doing an OEM factory reset I was again prompted to enter a Librem Key admin PIN to update TOTP/HOTP secrets. The default PINs all throw the “wrong PIN” error, as do the old PINs. I am at a loss as to how this is possible - can anyone recommend a way of resetting my PINs, or give some insight in to why the default PINs would not be working after an OEM Factory Reset?

Maybe a dumb question, but are you sure you’re using the right default PIN? I had something similar happen recently and was trying different things with the key for an hour to get it to take the default PIN after I had to do a factory reset. As it turned out, I was trying 123456789 as the default admin PIN, when really it’s 12345678.

I still don’t think I was entering my admin PIN wrong when I ran out of tries and had to do a factory reset, because I was able to unlock the key just fine with it in the Nitrokey app, but since I can’t reproduce the issue now, there’s nothing to be done about it.

I had this happen as well (I was going to comment on the original post about this…).

To solve the problem:

  1. Boot the machine without using the key;
  2. On the command line, do an OEM reset;
  3. Immediately change your admin password;
  4. Change the other password;
  5. Reboot and generate the new TOTP/HOTP secret.

This worked for me; I can now boot with my librem key.

2 Likes