T480 - Yubikey 5 NFC - OEM Factory Reset/Re-Ownership - Setting key attributed to RSA 3072 bits in USB Security dongle failed. #2042
Description
Please identify some basic details to help process the report
A. Provide Hardware Details
-
What board are you using? EOL_t480-maximized
-
Does your computer have a dGPU or is it iGPU-only?
- dGPU (Distinct GPU other then internal GPU)
- iGPU-only (Internal GPU, normally Intel GPU)
-
Who installed Heads on this computer?
- Insurgo (Issues to be reported at https://github.com/linuxboot/heads/issues)
- Nitrokey (Issues to be reported at https://github.com/Nitrokey/heads/issues)
- Purism (Issues to be reported at https://source.puri.sm/firmware/pureboot/-/issues)
- Novacustom (Issues to be reported at https://github.com/Dasharo/dasharo-issues)
- HardnenedVault (Issues to be reported at https://github.com/hardenedvault/vaultboot/issues)
- Other provider
- Self-installed
-
What PGP key is being used?
- Librem Key (Nitrokey Pro 2 rebranded)
- Nitrokey Pro
- Nitrokey Pro 2
- Nitrokey 3 NFC
- Nitrokey 3 NFC Mini
- Nitrokey Storage
- Nitrokey Storage 2
- Yubikey 5 NFC
- Other
-
Are you using the PGP key to provide HOTP verification?
- Yes
- No
- I don't know
B. Identify how the board was flashed
Flashed externally with a Raspberry Pi Pico -H using serprog firmware from libreboot, and using flashprog on Ubuntu 25.10.
-
Is this problem related to updating heads or flashing it for the first time?
- First-time flash
- Updating heads
-
If the problem is related to an update, how did you attempt to apply the update?
- Using the Heads menus
- Flashrom via the Recovery Shell
- External flashing
-
How was Heads initially flashed?
- External flashing
- Internal-only / 1vyprep+1vyrain / skulls
- Don't know
-
Was the board flashed with a maximized or non-maximized/legacy rom?
- Maximized
- Non-maximized / legacy
- I don't know
-
If Heads was externally flashed, was IFD unlocked?
- Yes
- No
- Don't know
C. Identify the rom related to this bug report
-
Did you download or build the rom at issue in this bug report?
- I downloaded it
- I built it
-
If you downloaded your rom, where did you get it from?
- Heads CircleCi
- Purism
- Nitrokey
- Dasharo DTS (Novacustom)
- Somewhere else (please identify)
Please provide the release number or otherwise identify the rom downloaded
heads-EOL_t480-maximized-v0.2.0-2853-g3b656d0.rom -
If you built your rom, which repository:branch did you use?
- Heads:Master
- Other (please identify)
-
What version of coreboot did you use in building?
{ You can find this information from github commit ID or once flashed, by giving the complete version from Sytem Information under Options --> menu}
Cannot find this information in Options --> Menu -
In building the rom, where did you get the blobs?
- No blobs required
- Provided by the company that installed Heads on the device
- Extracted from a backup rom taken from this device
- Extracted from another backup rom taken from another device (please identify the board model)
- Extracted from the online bios using the automated tools provided in Heads
- I don't know
Please describe the problem
Describe the bug
A clear and concise description of what the bug is.
When I select the "OEM Factory Reset / Re-Ownership" Option in heads, and plug in a Yubikey 5 NFC, as well as a USB Thumb drive, and answer all the questions, it crashes after trying to write to my Yubikey. A red screen with the error "Setting key attributed to RSA 3072 bits in USB Security dongle failed."
To Reproduce
Steps to reproduce the behavior:
- Go to 'OEM Factory Reset / Re-Ownership'
- Anser all the questions
- Plug in Yubikey 5 and USB thumb drive
- Let heads attempt to write a GPG key to the Yubikey
- Error appears "Setting key attributed to RSA 3072 bits in USB Security dongle failed."
Expected behavior
I expect the Yubikey to be provisioned and the PGP key properly written to it with no errors.
Screenshots
Additional context
Add any other context about the problem here.