Add option to do a secrets apps reset for the nk3 similar to: nitropy nk3 secret reset

[nestire]

See #41 for more detail

this should work with user presence (as the nitropy version) so no nk3 firmware change is need.

bigger discussion ticket regarding this is #36

[daringer]

This leads to a additional commandline argument:

hotp_verification reset 

This will:

• factory-reset the secrets app
• only work for nitrokey 3
• silently fail (to be consistent with change-pin and Add option to change the nk3 secret apps pin for reowner ship #40) for non nitrokey 3s

[tlaurion]

End user reported issue liked to this just now https://matrix.to/#/!RNcjJXCGHiyxXCHpKv:matrix.org/$suNZxaOPK-1hUSNccluJABlNvEZTIPt_S1V2orNJsbw?via=matrix.org&via=nitro.chat&via=tchncs.de

[tlaurion]

Ideally, hotp_verification reset would accept a parameter here, which would be the secret app PIN.

Otherwise as can be seen under linuxboot/heads@07f3710, it requires an additional step which would be PIN change, but we don't have a PIN here, since we just reset :)

I still think, as said under #36 (comment) that changing PIN is not really important to Heads use case since we reset. What is important is setting a secret app PIN at moment of oem factory reset/re-ownership.

Need:

• hotp_verification reset DESIRED_SECRET_APP_PIN

[daringer]

ok, so now that things are implemented you bring up the idea to change the requirements ?
awesome, now the plan change after it is already implemented is:

there should be a new command:

hotp_verification reset <SECRET_PIN>

This will:

• factory-reset the secrets app
• only work for nitrokey 3
• silently fail
• the SECRET_PIN is required

Further we will drop the implementation and requirement described in this issue ? Please close this issue, if it is not needed anymore it was created due to your request(s).

[daringer]

is my previous description of the feature you requested as you would like to have it?

[tlaurion]

is my previous description of the feature you requested as you would like to have it?

@sosthene-nitrokey already acknowledged at #46 (comment)

PR are for implementation details. Requirements are: don't break nk2 compatibility, dint cause regression, don't reinvent the wheel. Otherwise open issues/PR with your technology consumers (under heads) for anything nk3 changes/changed/plans to change so we work things together.

Q: change a pin that is not set by default per reset? Hmm.
A: reset should set its related PIN, just like gpg always did for its admin/user required PIN, setting defaults ( that can then further be changed because they exist with a well known default set by default). If you don't set a pin by default, then yes: reset should require a parameter.

Don't reinvent the wheel. Don't break things. Don't add Non-existing PIN, don't set PIN silently on first use with user input. Don't discard PIN provided by user and rely solely on physical attestation to break remote attestation promises. If unsure, ask.

Make things right. Thank you. I'm nicer when I'm not on a deadline. When broken things fall into my pile and I ask for more then 8 months prior of answer after a deadline, I bite. You would too, it's just that you are the producer here, not the consumer. Play the mind game of reverse roles and check how that must feel. Don't reiterate.

[tlaurion]

there should be a new command:

hotp_verification reset <SECRET_PIN>

This will:

• factory-reset the secrets app
• only work for nitrokey 3
• silently fail
• the SECRET_PIN is required

Why silently fail? why not only work for nk3? Anyway, PoC under https://github.com/linuxboot/heads/pull/1850/files#diff-bec315d56e315e18809e58210db23903cfa07559d297a1910f2c3151f6e6e97dR141-R149 only applying to nk3.

But yes, @daringer. This would make it compliant to nk3 with GPG Admin PIN being set prior of use under Heads use case, not silently setting it on first use with typo as of today... Are we clear now?

[daringer]

I would love to read a clear "yes" or "no", if I am asking a closed (yes/no) question.
Interpreting your comment, I infer that you say "yes"

[tlaurion]

@daringer : reset should put a default pin, as gpg Admin PIN did per gpg. That would be 12345678. As per prior of nk3.

This pin should be Secure App PIN, not have a non existing admin/user PIN to not mislead users, UX, and flood support requests because non-sensical and.. not existing.

The clear yes that you are asking is:
If reset doesn't set a default secure element pin and nitrokey obstine into keeping things as they are, then yes, I will deal with hotp_verification reset ADMIN_PIN, but warning of this being a patch upon bad design and reinventing the wheel and complexifying things.

We code but don't think here. I can only repeat myself. This is tiring.

• hotp_verification reset should set a default pin as for nk2 through gpg toolstack, if you want to implement a pin change. Otherwise I don't understand the game were playing here.

• hotp_verification reset SECRET_APP_PIN I can work with, but don't understand your thought process and design decisions.

---

I would love to read a clear "yes" or "no", if I am asking a closed (yes/no) question.
Interpreting your comment, I infer that you say "yes"

TLDR : yes...
hotp_verification reset SECRET_APP_PIN is bare minimal with physical presence constraints of today. Heads won't change the PIN and will have a different implemented workflow of prior nk/lb which was gpg PINs only.
I hope the secure app PIN will be the wording used, additional and uneeded Admin/User wording to vanish otherwise I'll redirect all support requests to nitrokey for that matter in the future.

Last time: #39 (comment)

I repeat

You proposed :

See also issue #36
Change this:

HOTP code verification application, version 1.6
Connected device status:
	Card serial: 0x7BE66C6C
	Firmware: v4.13
	Card counters: Admin 6, User 6
Operation success

To

HOTP code verification application, version 1.6
Connected device status:
	Card serial: 0x7BE66C6C
        Firmware Nitrokey 3: v1.7.1
	Firmware Secrets app: v4.13
	Secret app pin counters : Admin 6, User 6
Operation success

I proposed and restated:

Even more sensical: no secret app even named anywhere because there is none on non nk3(regression), so no version of non existing secret app, no secret app pin, just real information :

HOTP code verification application, version 1.7
Connected device status:
Card serial: 0x7BE66C6C
         Firmware Nitrokey 2: v1.7.1
OpenPGP smartcard PIN counters : Admin: 3, User: 3
Operation success

For nk3:

HOTP code verification application, version 1.7
Connected device status:
Card serial: 0x7BE66C6C
         Firmware Nitrokey 3: v1.7.1
         Firmware Secrets app: v4.13
Secret app PIN counter : 6
OpenPGP smartcard PIN counters : Admin: 3, User: 3
Operation success

Originally posted by @tlaurion in #38 (comment)