Indeed, the timing is critical. According to the latest FIDO2 specification, the reset request can occur only during the first 10 seconds after the device being powered up, otherwise it has to be rejected.
Doing this through the VM is possible, but requires time precision. See docs at:
pynitrokey should have mentioned that - I wonder why you had the “busy” error - if you had done that under Windows 10, then it probably was caused by OS locking the device from other applications, including
pynitrokey. AFAIR running that within a terminal started with Admin rights solves the problem.
Forgot to mention that probably from the same reason the Google Chrome browser does not allow to run FIDO2 reset from itself on Windows 10, nor managing its content.
Reset operation for the FIDO2 replaces the key used for signing with a new one, and removes all FIDO2 Resident Keys (RK).
Regarding the docs, we are migrating to a new platform now so updates might be delayed.