As I learnt today when I had to reboot my server after several weeks for the first time again, my server won’t boot when the Nitrokey HSM is inserted into a USB slot during power-on.
The machine is stuck at the POST screen:
No progress even after several minutes. I had to powercycle the machine.
When the Nitrokey HSM 2 is NOT inserted the machine properly boots and right away shows this POST screen:
When the HSM key is inserted after boot-up there is no problem, everything works as expected (Ubuntu Linux 16.04 running).
Ofc this problem means I cannot reboot my machine unattended anymore, which is a nuisance.
Question:
Is this a known problem?
Are you aware of any workaround, e.g. special BIOS settings to jump over this issue?
I don’t know the answer, but maybe a few tips to think about that sometimes in the wheel are forgotten:
Have you enabled booting from USB, and that as the first entry in the boot order?
Have you tried a different USB slot?
Last solution: I am using a KVM, where I could also switch a USB slot between the machines. In your case - as a work-around - you could just connect that KVM and switch “away” the HSM during boot.
I think this is the first time we hear about this. As @Peacekeeper said, try to change the boot settings.
Alternatively, I would change the Legacy USB devices setting too.
Nitrokey HSM does not have any other interfaces than the CCID / smart card access, so the BIOS should not really get stuck on it.
Even if I put the Nitrokey in when I am in the BIOS config menu, the BIOS freezes. So it seems, as soon as the USB device is recognized and probed, the system freezes… - until the OS (here Linux) is booted…
I am sorry, but I do not have any other ideas.
Here I’ve found a similar topic with Nitrokey Pro: UEFI boot slow with Nitrokey Pro plugged in.
Regarding workaround for now, I would use another machine to access the device over the network, e.g. with a Raspberry PI.
Thank you… Well I will cope with that somehow. It’s a matter of my old but trusty system which won’t get any BIOS updates anymore etc…
Regarding “access over the network”. Are you talking about “https://github.com/iksaif/pkcs11-proxy”? However, this appears to me to be a quite rickety setup :-/
Is there any good integration guide for the Nitrokey in combination with that remote access via the network?
Appreciate! Let me know if I should test some more things. Oh by the way: The red LED lights once before the BIOS freezes, as usual. Not sure if this could give you an indication that a “probe” of the device by the BIOS has already happened or not or is just a sign that it got proper power.