Server stuck in POST when Nitrokey HSM is inserted

As I learnt today when I had to reboot my server after several weeks for the first time again, my server won’t boot when the Nitrokey HSM is inserted into an USB slot during power-on.

The machine is stuck at the POST screen:


No progress even after several minutes. I had to powercycle the machine.

When the Nitrokey HSM 2 is NOT inserted the machine properly boots and right away shows this POST screen:


When the HSM key is inserted after boot-up there is no problem, everything works as expected (Ubuntu Linux 16.04. running).

Ofc this problem means, I cannot reboot my machine anymore unattended which is a nuisance.


  • Is this a known problem?
  • Are you aware of any workaround, e.g. special BIOS settings to jump over this issue

Machine: Fujitsu Celsius W420
BIOS: V4.6.5.3 R1.23.0 for D3162-C1x
Release Date: 12/01/2014

Yes I know it’s a dated machine and technically not really a “server”, but that’s the way it is.

I don’t know the answer, but maybe a few tips to think about that sometimes in the wheel are forgotten:

  • Have you enabled to boot from USB and that as a first entry in the boot order ?
  • Have you tried a different USB slot ?

Last solution: I am using a KVM, where I could also switch a USB slot between the machines. In your case - as a work-around - you could just connect that KVM and switch “away” the HSM during boot.

I think this is first time we hear about this. As @Peacekeeper said, try to change the boot settings.
Alternatively I would change Legacy USB devices setting too.
Nitrokey HSM does not have any other interfaces, than the CCID / smart card access, so BIOS should not really get stuck on it.

Thank you both! These are good suggestions! I will check those settings!

Unfortunately none of the approaches worked… :frowning:

  • USB Legacy Support = on
  • Boot from removable media = disabled
  • Boot order: does not contain any USB device
  • Tried different USB slot? Yes

Even if I put the Nitrokey in, when I am in the BIOS config menu, the BIOS freezes. So it seems, as soon as the USB device is recognizes and probed the system freezes… - until the OS (Here Linux) is booted…

I am sorry, but I do not have any other ideas.
Here I’ve found a similar topic with Nitrokey Pro: UEFI boot slow with Nitrokey Pro plugged in.
Regarding workaround for now, I would use another machine to access the device over the network, e.g. with a Raspberry PI.

Perhaps try a BIOS update, if available.

Thank you… Well I will cope with that somehow. It’s a matter of my old but trusty system which won’t get any BIOS updates anymore etc…

Regarding “access over the network”. Are you talking about “”? However, this appears to me to be a quite rickety setup :-/

Is there any good integraiton guide for the Nitrokey in combination with that remote access via the network?

Regarding pkcs11-proxy I think we had a guide in the production somewhere.
@jan @nitroalex?

Either way we should keep this issue in mind.
Edit: registered as nitrokey-pro-firmware#70.

Appreciate! Let me know if I should test some more things. Oh by the way: The red LED lights once before the BIOS freezes, as usual. Not sure if this could give you an indication that a “probe” of the device by the BIOS has already happened or not or is just a sign that it got proper power.

Could you please send me this guide for pkcs11-proxy?

Sorry, but I could not find it for you. What I know right now:

I will look once again, but I have a feeling it is gone. Will post here when I stumble on it.

I got a reply from my colleague working on it, and it turns out we have changed the solution to this one:

It has better code quality and documentation, and is much more stable.

Thank you very much!