From 03e5ec0ddf8e89abbd551cd92cfe1a9637c49f1d Mon Sep 17 00:00:00 2001
From: Thierry Laurion
Date: Thu, 5 Dec 2024 13:46:25 -0500
Subject: [PATCH] oem-factory-reset: if nk3, also display Secure App PIN = GPG Admin PIN as text and in Qr code
Signed-off-by: Thierry Laurion
---
 initrd/bin/oem-factory-reset | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
index e69a7ddd..74894e87 100755
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@@ -1387,6 +1387,12 @@ fi #GPG PINs output passphrases+="GPG Admin PIN: ${ADMIN_PIN}\n"
+
+#if nk3 detected, we add the NK3 Secre App PIN. Detect by product ID
+if lsusb | grep -q "20a0:42b2"; then
+ passphrases+="Nitrokey 3 Security App PIN: ${ADMIN_PIN}\n"
+fi
+
 #USER PIN was configured if GPG_GEN_KEY_IN_MEMORY is not active or if GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD is active if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then passphrases+="GPG User PIN: ${USER_PIN}\n"
@@ -1397,6 +1403,7 @@ if [ "$GPG_GEN_KEY_IN_MEMORY" = "y" ]; then passphrases+="GPG key material backup passphrase: ${ADMIN_PIN}\n" fi
+
 # Show configured secrets in whiptail and loop until user confirms qr code was scanned while true; do whiptail --msgbox "
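Review bot: The added `if lsusb | grep -q "20a0:42b2"; then` branch in the first hunk reports `${ADMIN_PIN}` as the Nitrokey 3 app PIN only because a device with that USB ID is attached when the summary is built, not because this run actually set that PIN; the step that sets it is not visible in the hunk. If that step was skipped or failed, the text and QR code would record a PIN the token does not accept, and retries against the token are presumably limited, so gating this line on the outcome of the PIN-setting step would be safer than re-probing USB. The app is also named three different ways ("Secure App" in the subject, "Secre App" in the comment, "Security App" in the displayed string); Nitrokey's own name appears to be the Secrets App, so one spelling should be used throughout, e.g. `passphrases+="Nitrokey 3 Secrets App PIN: ${ADMIN_PIN}\n"`. The surrounding script section starts and ends outside the hunk.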