Generally this sounds good, usually the bootloader is the last step of the installation procedure.
So you just installed qubes os, I am pretty sure it went well. To verify this you could try to boot into the OS, there is an option in the menu (I can’t tell exactly where from the top of my heart), but we can skip this for now. Heads doesn’t want to make it easy for you to boot the system without being verified using hotp and your nitrokey storage (but I am pretty sure it should be there in the menus).
More important is that you reset your Nitrokey Storage, because the error you currently see is because your Nitrokey Storage is not initialized with your current installation. But you cannot initialize it as you have used up all of your admin pins.
Once you have reset your Nitrokey Storage, you can follow Factory Reset — Nitrokey Documentation to get rid of the “missing hash files” dialog and boot into your system.
So most importantly: reset your Nitrokey Storage using one of the options documented here: Frequently Asked Questions (FAQ) | Nitrokey Please do not stop trying, if this is not working for you, one of the options has to work (actually all do), if you encounter a problem, please be precise about the problem you see and do not stop and jump to the next issue before this is done.
ok… I can’t now get into the terminal prompt to run gpg factory-reset on the nitropad so I tried on my desktop terminal, got into admin but it wouldn’t recognise the nitrokey…
First of all I tried using the NItrokey App, originally I managed to change my pin with it this was a few days ago. Recently I was unable to do the same. That is why I attempted to use the terminal on my desktop and acessed gpg2 admin there…
That’s weird, in lsusb's output you should find something like that:
20a0:4109 Clay Logic Nitrokey Storage
Can you please verify using other USB slots that the Nitrokey is not listed by lsusb ?
Further you can also check dmesg while plugging in the Nitrokey to see if something happens that could indicate the Nitrokey is connected/not connected?
Ok, I think problem there solved… The lsusb shows the nitrokey if I plug it into a usb2 socket (it was in three before) Strangly though the Nitrokey App worked when it was plugged into the usb3…
/]$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
This is the output I get…
Should I uninstall the nitrokey app and then manually install the UDEV rules… In other words could the Nitrokey app be preventing me from acessing the card…? It looks as though that could be the solution after reading the FAQ…
Ok, I’ve had some success
new pins and AES keys have been generated…
I have now generated new HOTP secret…
I’ve now got myself lost… How should I start a new qubes installation from this position?
just to recap: I did a new qubes installation which didn’t appear to finish naturally… It closed itself down after the bootloader had been installed, which led you to believe that the installation went well…
Ok, I did another Qubes installation to see if this went any better and it did…
This time it appeared to finish the installation before automatically closing down. I think that took place just before it finished opening the qubes login screen…
I still couldn’t get the installation to work with or without the nitrokey…
So decided to carry on with step 6 and sign the boot partition which appears to have failed…
when I hit Default Boot I go to There are No Boot Default Options Configured Yet, Would you like to load a menu of Boot Options? I press Yes and as I go into the next menu it shows that ‘verifying signatures failed, Unknown system error’ and i’m back into the Heads Boot Menu…
I can’t find any information on this in posts (not withstanding there are a lot of posts here so I probably missed something helpful) or FAQ’s so any help offered would be appreciated…!
Ok, this is good progress, so now you have a working Nitrokey Storage again and an installed qubes.
The next step is to do a factory reset as described here: Factory Reset — Nitrokey Documentation
Hi Daringer,
I tried the factory reset as per the documentation and everything went well right up to stage 10.
After it said … operation success It gave me the ‘GPG Automated Keygen Failed… Click OK’…
Step 11 then became ‘Heads Couldn’t Find GPG keys’ and I started the process of creating new keys and adding them to the bios over again… following through the process and finally adding a new secret…
There’s a correction on my last post… Instead of Step 10 it should have been step 8… It was then that it told me that it ‘Couldn’t find GPG keys’ When I clicked ‘OK’ I got step 9 screen up but then step 10 screen was ‘Heads Couldn’t Find GPG keys’… At no point did I get the Success screen up…
Is there anyone out there that can tell me why a factory reset can fail please. I am on my twenty fifth attempt and read all the available literature that i can find here and nothing seems to touch on the problems I’m having.
I have done a new qubes installation.
I have 3 user pins and 3 admin pins
I always check before I have another factory reset attempt that my card is recognised and I follow the factory reset instructions… this always fails as it does not recognise the gpg card at the right moment.
Consequently when I’ve finished the reset not having seen the success screen and generated a new TOTP everything looks good when I boot up until I hit boot menu when it tells me ‘No Boot options are set’ When I hit ‘Yes’ to install boot options it takes me back to the ‘Heads Boot Menu’ instead of to the ‘Boot Options Screen’
There is nothing I can see in the documentation that can help me with all this…
you can write support@nitrokey.com and we can arrange something to reinstall your Nitropad.
Based your last message(s) there seems something weird with your Nitrokey and or USB, did you try using another USB slot during factory reset?
Hi @daringer,
I may very well have used another slot as I ended up trying everything I could think of, but I can’t be sure… I tried documenting everything I was doing but I gave up in the end as I realised I was missing some of my actions out, so I have to rely on memory as to what I did…
I will write to support now…
many thanks…
