Hello,
So I made new GPG Keys for Pureboot, and then put them on my Librem Key (following this guide https://docs.puri.sm/Librem_Key/Getting_Started/User_Manual.html#managing-gpg-keys).
If I type gpg --card-status
I see the signature key, encryption key, and authentication key on the Librem Card.
However, when I boot up my Purism laptop, it for some reason doesn’t see the GPG keys. I get an error saying “Error: GPG keyring empty!”. If I select, “Add a GPG key to the running BIOS” -> “Add GPG key to running BIOS and reflash” it errors into a recovery shell, I restart my computer, and the entire thing repeats.
If I “List GPG keys in your keyring” (from Pureboot’s GPG menu), it shows empty. But, if I select “Generate GPG keys manually on a Librem Key”, it shows the same signature, encryption, and authentication keys (that gpg --card-status
does), and asks if I want to overwrite. If I say no, and quit, it asks if I would like to add the GPG key to the BIOS, and sign files in /boot.
Selecting yes shows it reading flash, looking up coreboot tables, etc, but then still fails to update the checksum, reboots, and all starts over again.
Any help would be really appreciated!