oem-factory-reset: add reset secure app PIN = ADMIN_PIN at reownership, make sure defaults are set for all modes, including default which uses current defaults being DEF pins (12345678 and 123456 as master)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Thierry Laurion 2024-12-05 13:23:37 -05:00
parent 351a2e2130
commit fd136cd957
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461


@ -60,8 +60,10 @@ handle_mode() {
TPM_PASS=$ADMIN_PIN
;;
*)
warn "Unknown mode: $mode"
exit 1
warn "Unknown oem-factory-reset lauched mode, setting PINs to weak defaults"
USER_PIN=$USER_PIN_DEF
ADMIN_PIN=$ADMIN_PIN_DEF
TPM_PASS=$ADMIN_PIN_DEF
;;
esac
}
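Review bot: The `*)` arm now fails open: any unrecognized or mistyped mode sets `USER_PIN`, `ADMIN_PIN` and `TPM_PASS` to the `*_DEF` values, which the commit title gives as 12345678 and 123456, and only a `warn` line signals it. I would give the default mode its own explicit arm holding the three assignments and keep the catch-all as `warn "Unknown mode: $mode"` followed by `exit 1`, so that weak defaults are only ever a deliberate choice. The earlier arms of `handle_mode` are outside this hunk, so the name of that mode and whether such an arm already exists cannot be confirmed from here. If the fallback stays, the message should at least read `launched` rather than `lauched` and include `$mode` so the log shows what was passed.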
@ -144,8 +146,10 @@ reset_nk3_secret_app() {
if lsusb | grep -q "20a0:42b2"; then
echo
echo "Resetting Nitrokey 3 secret app"
DEBUG "Restarting scdaemon to remove possible exclusive lock of dongle"
killall -9 scdaemon 2>&1 >/dev/null || true
# Reset Nitrokey 3 secret app
/bin/hotp_verification reset
/bin/hotp_verification reset $ADMIN_PIN
fi
}
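Review bot: `$ADMIN_PIN` is expanded unquoted in `/bin/hotp_verification reset $ADMIN_PIN`, so a PIN containing whitespace or glob characters is split or expanded before the tool receives it; it should be `/bin/hotp_verification reset "$ADMIN_PIN"`. Passing the PIN as an argument also exposes it in the process list and in any command tracing while the reset runs, so a stdin or prompt path would be preferable if the tool offers one (not visible from this hunk). The exit status of the reset is not checked, so a failed reset leaves the secret app on its previous PIN without notice; appending `|| warn "Nitrokey 3 secret app reset failed"` would surface that. The start of `reset_nk3_secret_app` may lie above the hunk.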