HOTP: Error checking code Insert HOTP USB Security Dongle

While reinstalling Qubes the laptop suddenly shuts down.
Then when I start it, it gives a loop of HOTP and TOTP and TPM errors and at one point it was saying that no default boot menu detected.

  1. So I decided to OEM factory reset and now I am getting:
    “HOTP: Error checking code, Insert HOTP USB Security Dongle a-(this part is cut-off so don’t know what it says).” with a yellow background.
  2. After this when I press Default boot it says:
    “The file containing hashes for /boot is missing!
    Would you like to update your checksums now?”
  3. So I pressed yes and I get:
    “confirm that your GPG card is inserted”
  4. I am guessing thats my nitrokey usb stick so I pressed Yes. Then it says:
    “/boot/kexec_rollback.txt does not exist: creating new TPM counter TPM Owner Password:”
  5. I put the default pin and then it says:
    “gpg: no default secret key: No public Key
    gpg: signing failed: No public key
    (repeats multiple times)
    /boot: Unable to sign kexec hashes
    Failed to sign default config: Press Enter to continue.”
  6. Then it brings me back to the same yellow menu:
    “HOTP error insert USB Security…”

– What should I do now because i feel like I tried to “refresh TOTP/HOTP” but it doesnt solve the issue. But I noticed that when I refresh it stops midway. Like after it says HOTP success it just stops and then I have to turn the laptop off. Is that normal or is something else supposed to happen.
– should I “Change configuration settings”
—change “boot options”
—GPG options
—Flash the BIOS
?
Sorry for giving so much trouble I swear I am not doing anything wrong.

  1. So I decided to do a Clean Boot - from the boot options settings.
    After everything was erase etc. I get to this page:
  1. So i press continue since i think i meet all requirements. Except my OS but i assume it is there.

  2. After successful reset I get this message:
    https://postimg.cc/t7SDBQ4d

  3. So should I generate new secret or just continue to MEnu? I have being pressing generate new secret so I press it again and then I get this:
    https://postimg.cc/Lg8S2dcB

  4. how am i supposed to scan the QR code? I dont know so I just press enter and i get this:
    “device has no listeners quitting…and then it says:…Admin 3 User 3 Operation Success”

  5. So i enter admin pin and then it says:
    https://postimg.cc/kRG5wtgm

  6. So I press enter and then I get
    https://postimg.cc/p5m2KbsV

  7. wow it looks like everything is okay right so I go to boot options and start booting from usb. to reinstall Qubes (dont stop reading the issue is coming)
    https://postimg.cc/XZKc6tcv
    https://postimg.cc/XZKc6tcv

  8. Then I get to this page and it seems like everything is going good:
    https://postimg.cc/sMmgFcGr

  9. Then once it gets to “generating initramfs” and then post scripts it suddenly shuts down ugh:
    -running post installation scripts
    https://postimg.cc/gw9QDwK6

-shutsdown

  1. So i then turn it on and BOOM i am back to the the same error of HOTP: Error check code Insert HOTP USB Security Dongle. Yes my nitrokey is inserted.
    https://postimg.cc/JDYQpvWd

back to the beginning haha My hair is falling out haha.

1 Like

Hi! Thank you for elaborated description!

  1. Which model of the Nitrokey USB device do you have?
  2. Do you have the Nitrokey USB device inserted on each boot? If so, does it blink green or red?
  3. The QR code can be used for an additional mobile application for cases, when the Nitrokey USB Security device is not available, but the mobile is.
  1. I have the Nitrokey Storage 2 16 GB

2a. Yes I usually just keep the Nitrokey plugged in all the time.
2b. When I turn the laptop on it blinks red twice, which is normal, but then when it reaches the Heads boot Menu it doesn’t blink at all because of the Error. I even tried inserting it into a different usb port and nothing. (Note that when the HOTP is a success it does blink green but when it loops back to the HOTP error it doesn’t blink anything at all.)
2c. When I was troubleshooting I did a lot of reset for different things like HOTP TPM etc. I also “Clear GPG keys and reset all user settings” from the Config Management Menu. So maybe I erased something in the Nitrokey? idk
2d. FYI when I list my GPG Keyring I get this:


is this normal
  1. Ah cool is there a tutorial on how to switch to inputting the security code using the QR code connection. Not important right now but would be good for when I don’t want to bring the nitrokey with me. haha.
  1. Please make sure you have the latest firmware - v1.3.1.
  2. Can you run Factory Reset once again?
  1. That was the first thing i did long time ago before I started doing any troubleshooting. https://postimg.cc/cvTdtfc7

  2. pending

1 Like
  1. That was the first thing i did long time ago before I started doing any troubleshooting. https://postimg.cc/cvTdtfc7

  2. After turning on with nitrokey inserted and starting OEM fact reset.
    https://postimg.cc/cvTdtfc7
    https://postimg.cc/sMHBkMNc

  3. custom password? I press N
    custom GnuPG? I press N
    export pubkey? I press N
    then I get this:
    https://postimg.cc/9RdGTGWp

  4. after waiting a bit I get the final Success.
    https://postimg.cc/V5HNgJdB

  5. After pressing enter i get this error:
    https://postimg.cc/47qr7Rxt

  6. ? So what should I press Generate new HOTP/TOTP secret OR Reset TPM?
    I end up pressing Gen new secret (however one time i did press Reset TPM because I felt like Gen new secret still lead me to the HOTP error loop from the original post) Either way I get this after press enter to generate a new secret:
    https://postimg.cc/r0f5Qqr0
    https://postimg.cc/WFYJ0SB0
    https://postimg.cc/PpJCfYCJ

  7. I press enter and get OP sucess enter admin pin which i assume is the default i enter it and get this success:
    https://postimg.cc/6TdX2TCp

  8. So i press enter to continue: and wow like i showed you before everything seems likes it is back to normal:
    https://postimg.cc/ZCb5J6XS

Now what should I do? Do i have to chose a default boot since i did a OEM? Should I use the qubes iso image from the official site instead? I noticed that the images were different sizes so maybe something is different?

  1. I shutdown the laptop. I will wait for your response before I try reinstalling the qubes OS.

Hey so The Qubes install was actually successful a long time ago. I had just forgotten that there is a password on it that gets automatically added to it. But I thought it was still the password that I had forgotten. Sorry about this. After I created a username I ended up doing a OEM factory reset again and this time it seems everything has gone back to normal. lol my bad guys I am such a noob. Thank You Jans and szszszsz for being patient with me and sorry for spamming so much. Someone was able to help me see my mistake ahaha.

Hi @iamacarrot!

Great! I am glad you made it working! It’s not that easy I believe, so it’s alright to make mistakes.
Given your experience, could you tell how should we correct our documentation anywhere to make it easier for the future users?