How to use existing keys on a YubiKey with a fresh install #117
Comments
|
@rbreslow : On fresh flash, without keeping persistence, Heads detects that no gpg key material exists inside of the firmware: Resulting in what is showed in doc at https://osresearch.net/Configuring-Keys/#adding-your-pgp-key as this screenshot: Which proposes two alternatives: @rbreslow My question to you would be: What would you want to see there instead? Or what would you replace into the OEM Factory reset/Re-Ownership wizard to make it clearer that current secrets will be wiped? |
|
Honestly, I'm not sure. Looking at things now, the UI seems clear to me. But I know I was confused when I was first trying this. I think that If that option is meant only for an OEM like Insurgo, I might make it more explicit that, as an end-user, this isn't what you want. Also, the docs themselves felt dense, and I skimmed through rather than reading closely. Asking myself, "why," I think the Configuring-Keys page looks like an FAQ rather than a linear tutorial. So this made it difficult to find information about the exact type of setup I wanted. I will have to sit and reflect on this. But I wanted to create an issue so my feeling was tracked. |
From linuxboot/heads#1282:
OEM Factory Reset / Re-Ownership -->will generate keys on the device, OR, will prompt you to generate keys on a hardware token which led me to accidentally wipe my YubiKey.I'm imagining some sort of guided menu that asks "Would you like to use an existing GPG key pair?" And then walks the user through flashing their public key to the BIOS, etc.
The text was updated successfully, but these errors were encountered: