Moderation @tlaurion: this impacts only tpm 1.2, master (dc0cd70) tpm2 workflows not impacted from testing.
On TPM2, flashing without preserving settings will result in reboot and next prompt being a choice to factory-reset/inject public key and things go well there. Config -> wipe settings works as expected(+tpm reset), resulting in oem-factory-reset on next boot that can be cancelled, leading to gpg menu (add public key there). Reboot, and then reseal secrets, all UX guided as expected.
Describe the bug
In order to use the maximized board with tpm1.2 and existing gpg key on nk3 mini heads fails to properly set everything up.
To Reproduce
Steps to reproduce the behavior:
- From heads menu choose „Flash the firmware with a new ROM, erase settings“
- Options > change configuration settings > clear GPG keys and reset all user settings > reset the tpm and reboot as suggested
- Generate new totp this will give multiple failures with integrity report without beeing able to sign files on / boot because the tpm passphrase does not match
Expected behavior
Beeing able to generate totp and sign boot files after adding public key into bios.
Screenshots
Please see the screenshot below
Additional context
In the discussion with @tlaurion after reflashing the bios and directly reseting the tpm reboot step is not enforced.
Moderation @tlaurion: this impacts only tpm 1.2, master (dc0cd70) tpm2 workflows not impacted from testing.
On TPM2, flashing without preserving settings will result in reboot and next prompt being a choice to factory-reset/inject public key and things go well there. Config -> wipe settings works as expected(+tpm reset), resulting in oem-factory-reset on next boot that can be cancelled, leading to gpg menu (add public key there). Reboot, and then reseal secrets, all UX guided as expected.
Describe the bug
In order to use the maximized board with tpm1.2 and existing gpg key on nk3 mini heads fails to properly set everything up.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Beeing able to generate totp and sign boot files after adding public key into bios.
Screenshots
Please see the screenshot below
Additional context
In the discussion with @tlaurion after reflashing the bios and directly reseting the tpm reboot step is not enforced.