Reset OS settings to original config

My purpose is to reset my OS settings due to conficting privileges, and my not being able to set the issue right.
I would prefer not to reinstall the operating system, since it does require me to use unsecure devices to make changes to a secure device, ideally I’ll use only the Nitrokey storage and NitroPad, but I’m willing to compromise if it goes as far as to needing a new machine or taking an amount of time that I find is unacceptable.
I’ve seing there is an option to “clear GPG key(s) and reset all user settings” will this undo the configuration done by Nitrokey (I ordered it with a OS preinstalled)?
A factory reset would live it in a state where Nitrokey could have send it to me, is that correct?
If neither of these option work is there anything else I can try, other than reinstalling the OS?

Last question, since I only have one port available, can I export the keys before or create them afterwards? The documentation says that the factory reset will erase PGP key(s), but on the boot menu, I’m only seeing an option to back up GPG, not PGP.

Thank you for your help.

Hey @IUsername ,

let me put some things straight:

  • the OS (Qubes, Ubuntu, Debian, would be good if you mention which one you use) has not much to do with the menu directly after (re)booting
  • the menu after (re)booting is essentially the “bios” or better firmware and verifies itself using your Nitrokey
  • further it signs your files in /boot (these belong to your OS) to make sure those have not been changed

So depending on what you actually want to achieve you might want to reset the one (firmware+nitrokey) or the other (OS).

To reset the firmware and the Nitrokey you can follow these instructions here: Factory Reset — Nitrokey Documentation this will reset your nitrokey and the firmware and finally sign the files inside the /boot directory again. (btw. during the factory reset you can choose to export your newly created key onto a usb-storage)

This process will leave your OS untouched, despite the /boot file signing. To actually reset your OS itself you might follow these steps: Operating System Reinstallation — Nitrokey Documentation

Keep in mind that after an OS re-installation you’ll need to re-sign the /boot files again (System update — Nitrokey Documentation).

PGP might be mixed up in the docs with GPG here (have put it onto the todos). Further the export you can do from within the menu is just the public key. The private key (on your Nitrokey) is a secret and cannot be exported (despite while creating it during the factory reset).


So I think I definitly have to reinstall my OS here (Qubes). No work around. I understood that the bios was different from the OS, but I assumed that if you reset cryptographic keys you’d touch the OS in some way, my mistake.
I’ll try the OS reinstallation procedure then.

1 Like