If you have a white keycard, you should change its life cycle state to be SECURED.
All the blue keycard that we ship are already in the right state.
White keycards that we started using for test come straight from the factory, and they are still in a OP_READY state.
The SECURED state activates a tearing protection mechanism that ensures atomic writes, and it avoids writing when the card doesn’t have enough energy to finish writing all the data. We “blocked” a couple of cards during the applet installation via NFC, and changing the card to the right state should avoid other similar issues. /cc @anna
There’s no way to go back to OP_READY after you switch to SECURED. It shouldn’t be a problem because we never need to be in OP_READY.
Download the keycard CLI and check the state of your card:
keycard shell <<EOF
gp-select
gp-open-secure-channel
gp-get-status
EOF
If it’s a white keycard, you should have this output:
CARD STATUS: OP_READY
Before moving to SECURED, we need to change the state to INITIALIZED:
keycard shell <<EOF
gp-select
gp-open-secure-channel
gp-send-apdu 80F08007
EOF
Let’s check again the current status:
keycard shell <<EOF
gp-select
gp-open-secure-channel
gp-get-status
EOF
This time you should have this output:
CARD STATUS: INITIALIZED
Now we can move it to SECURED:
keycard shell <<EOF
gp-select
gp-open-secure-channel
gp-send-apdu 80F0800F
EOF
check again the status:
keycard shell <<EOF
gp-select
gp-open-secure-channel
gp-get-status
EOF
You should finally have this output:
CARD STATUS: SECURED
Happy 
hacking.
