1 files changed, 45 insertions, 0 deletions

diff --git a/markdown/DisasterRecovery.md b/markdown/DisasterRecovery.md
new file mode 100644
index 0000000..9c0e56f
--- /dev/null
+++ b/markdown/DisasterRecovery.md
@@ -0,0 +1,45 @@
+# Disaster Recovery
+
+This page covers a few likely (hopefully unlikely) oh-noes.
+
+## Oh no, I bricked my device
+
+### Recovering from a bad firmware install
+
+You can upload new firmware through the bootloader. On power-up or reset,
+the bootloader flashes the blue LED for 10 seconds. During that time, start
+`cryptech_upload`:
+
+```
+$ cryptech_upload --firmware --user wheel
+PIN: <your-wheel-pin>
+```
+
+### Recovering from a bad bootloader install
+
+Well, now you've done it. You'll need to buy an ST-LINK programmer.
+See [wiki:UsingSTLink].
+
+## Oh no, I'm locked out of my device
+
+If you're staring at this thing for the first time, or if you ran
+`keystore erase`, then you have no PIN. Believe it or not, this is the
+best case scenario. Log in as wheel with the default PIN
+`YouReallyNeedToChangeThisPINRightNowWeAreNotKidding`, and you should be
+able to reset the PINs.
+
+If you forgot the PIN, I feel sorry for you. The only way out of this is
+via [wiki:UsingSTLink ST-LINK]. The easiest way is to debug with `gdb`, set a breakpoint on
+`hal_rpc_login`, and issue the gdb command `return 0`.
+
+## Oh no, I forgot (or reset) the master key
+
+As shipped, the Alpha doesn't include a battery backup for the Master Key
+Memory. So if power is interrupted, the MKM is wiped. (Also, if we had
+tamper protection more sophisticated than a Panic Button, it would wipe
+the MKM when you opened the case to install the ST-LINK cable.)
+
+Sorry, there's nothing that can be done about that. All your keys are
+still in flash memory, but encrypted with the KEK, which is now gone.
+(Unless you used the `masterkey unsecure set` command to store the KEK in
+unprotected flash memory, but you wouldn't do that, would you?)