oem-factory-reset: reset nk3 secure app PIN early since we need physi…

…cal presence, put nk3 secure APP PIN after TPM but before GPG PINS in output for consistency

Signed-off-by: Thierry Laurion <[email protected]>

initrd/bin/oem-factory-reset

@@ -148,8 +148,6 @@ reset_nk3_secret_app() {
 		echo
 		echo "Resetting Nitrokey 3 Secret App PIN. Physical presence (touch) will be required"
 		#TODO, change message when https://github.com/Nitrokey/nitrokey-hotp-verification/issues/41 is fixed
-		DEBUG "Restarting scdaemon to remove possible exclusive lock of dongle"
-		killall -9 scdaemon 2>&1 >/dev/null || true
 		# Reset Nitrokey 3 secret app with PIN
 		/bin/hotp_verification reset "${ADMIN_PIN}"
 	fi
@@ -537,6 +535,9 @@ gpg_key_factory_reset() {
 	#enable usb storage
 	enable_usb
 
+	#Reset Nitrokey 3 secret app
+	reset_nk3_secret_app
+
 	# Factory reset GPG card
 	echo "GPG factory reset of USB Security Dongle's smartcard..."
 	{
@@ -551,8 +552,6 @@ gpg_key_factory_reset() {
 		whiptail_error_die "GPG Key factory reset failed!\n\n$ERROR"
 	fi
 
-	#Reset Nitrokey 3 secret app
-	reset_nk3_secret_app
 
 	# If Nitrokey Storage is inserted, reset AES keys as well
 	if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ]; then
@@ -1387,14 +1386,13 @@ if [ "$CONFIG_TPM" = "y" ]; then
 	passphrases+="TPM Owner Password: ${TPM_PASS}\n"
 fi
 
-#GPG PINs output
-passphrases+="GPG Admin PIN: ${ADMIN_PIN}\n"
-
 #if nk3 detected, we add the NK3 Secre App PIN. Detect by product ID
 if lsusb | grep -q "20a0:42b2"; then
 	passphrases+="Nitrokey 3 Secret App PIN: ${ADMIN_PIN}\n"
 fi
 
+#GPG PINs output
+passphrases+="GPG Admin PIN: ${ADMIN_PIN}\n"
 #USER PIN was configured if GPG_GEN_KEY_IN_MEMORY is not active or if GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD is active
 if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then
 	passphrases+="GPG User PIN: ${USER_PIN}\n"