From 03e5ec0ddf8e89abbd551cd92cfe1a9637c49f1d Mon Sep 17 00:00:00 2001
From: Thierry Laurion <insurgo@riseup.net>
Date: Thu, 5 Dec 2024 13:46:25 -0500
Subject: [PATCH] oem-factory-reset: if nk3, also display Secure App PIN = GPG
 Admin PIN as text and in Qr code

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
---
 initrd/bin/oem-factory-reset | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
index e69a7ddd..74894e87 100755
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@@ -1387,6 +1387,12 @@ fi
 
 #GPG PINs output
 passphrases+="GPG Admin PIN: ${ADMIN_PIN}\n"
+
+#if nk3 detected, we add the NK3 Secre App PIN. Detect by product ID
+if lsusb | grep -q "20a0:42b2"; then
+	passphrases+="Nitrokey 3 Security App PIN: ${ADMIN_PIN}\n"
+fi
+
 #USER PIN was configured if GPG_GEN_KEY_IN_MEMORY is not active or if GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD is active
 if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then
 	passphrases+="GPG User PIN: ${USER_PIN}\n"
@@ -1397,6 +1403,7 @@ if [ "$GPG_GEN_KEY_IN_MEMORY" = "y" ]; then
 	passphrases+="GPG key material backup passphrase: ${ADMIN_PIN}\n"
 fi
 
+
 # Show configured secrets in whiptail and loop until user confirms qr code was scanned
 while true; do
 	whiptail --msgbox "