Binding & Shutdown Issues - Solution in New Release

Binding Issues
In recent weeks we have learned that some developers are experiencing difficulties when binding zymkey to their host/application. Also some have seen loss of connection to the Zymkey in a soft shutdown/reboot situation. Not all users have experienced this issue.

Solution in New Code Release
After digging into the symptoms and various use cases, we believe we have now identified the root issue, which relates to how I2C is managed under Stretch and the existence of certain edge/system conditions. The problem is more apparent on RPi 3B+, for a variety of reasons.

Our dev team has a working solution that is being run through production testing and should be available in a new release within 48 hours. The new release will contain more details and context.

Thanks to all who have helped us identify the root issue and build a solution.

We’ll update you when the release is available.

UPDATE

Ok…the new release is here!

For those of you doing an install on a fresh system, just follow the instructions in our “Getting Started” guide.

For those of you doing an upgrade from a previous installation, just run:
sudo apt update
sudo apt -y install --only-upgrade libzk libzymkeyssl zkbootrtc zkifc zkapputilslib zksaapps
sudo pip install zku --upgrade (use pip3 for python3 support)

For those of you that have an installation that predates Oct. 2018, you may need to update the GPG key for the zymbit repo before running the above:
curl -L "https://zk-sw-repo.s3.amazonaws.com/apt-zymkey-pubkey.gpg" 2> /dev/null | apt-key add - &>/dev/null

ANOTHER UPDATE
A new release which addresses more timing issues was just issued this morning. The instructions are the same as in the previous update.

Debian package version numbers for this release are:
libzymkey: 1.1-13
zkifc: 1.2-17
zksaapps: 1.0-9
zkbootrtc: 1.1-12
zkapputilslib: 1.1-9
libzymkeyssl: 1.0-8

Update on new release:

Our production testing kicked out an issue on Friday that we have been working to resolve over the weekend… this is why we do testing

We’ll update you again in 48 hours. Thanks for your patience.

Update:
OK, so we have been chasing down one last remaining edge condition relating to how 3B+/Stretch supports dm-crypt/LUKS under certain system configuration/load conditions. We are pretty confident the root cause is now understood, and we have a solution that is going through build/production testing this weekend.

We hope to have something for general release 3/25 ~ 3/26

Thanks again to those who have supported us with their application & test data.

You actually do regression testing! WOW! Kudos to your Q/A department, CTO and whomever insists on such actions. Good job!

Ok…the new release is here!

For those of you doing an install on a fresh system, just follow the instructions in our “Getting Started” guide.

For those of you doing an upgrade from a previous installation, just run:
sudo apt -y install --only-upgrade libzk libzymkeyssl zkbootrtc zkifc zkapputilslib zksaapps
sudo pip install zku --upgrade (use pip3 for python3 support)

I tried the --only-upgrade and received this:
Skipping zksaapps, it is not installed and only upgrades are requested.

Is this needed?

That message just indicates that your original install of the software did not have the zksaapps package. Our current installer installs this. If/when you decide to encrypt your root file system, this package will be installed.

When I try to install it with: sudo apt -y install zksaapps

I get this error: Hash Sum mismatch

Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
zksaapps
0 upgraded, 1 newly installed, 0 to remove and 45 not upgraded.
Need to get 720 kB of archives.
After this operation, 4,188 kB of additional disk space will be used.
Get:1 https://zk-sw-repo.s3.amazonaws.com/apt-repo-stretch stretch/main armhf zksaapps armhf 1.0-8 [720 kB]
Err:1 https://zk-sw-repo.s3.amazonaws.com/apt-repo-stretch stretch/main armhf zksaapps armhf 1.0-8
Hash Sum mismatch
Hashes of expected file:

• SHA256:6ae1416f0fd86bb0dd176630ebdc3321e0ce92112fe83074bd632fe69faea734
• SHA1:cf12624494860a4651f01c6e422b479d108c4a14 [weak]
• MD5Sum:b83db93e805e562b78b57fd0015061dd [weak]
• Filesize:719884 [weak]
  Hashes of received file:
• SHA256:1309e01a80fb0925abeae0082e57afd4a72002e5759928d554dfa75e06ae1cf1
• SHA1:a5d9d954eaf3d7fe1ed7f90a1be076eb00e91793 [weak]
• MD5Sum:b57b31af448695d8f9075f901525c761 [weak]
• Filesize:719560 [weak]
  Last modification reported: Mon, 25 Mar 2019 18:15:00 +0000
  Fetched 720 kB in 1s (577 kB/s)
  E: Failed to fetch https://zk-sw-repo.s3.amazonaws.com/apt-repo-stretch/pool/main/z/zksaapps/zksaapps_1.0-8_armhf.deb

Hash Sum mismatch
Hashes of expected file:
- SHA256:6ae1416f0fd86bb0dd176630ebdc3321e0ce92112fe83074bd632fe69faea734
- SHA1:cf12624494860a4651f01c6e422b479d108c4a14 [weak]
- MD5Sum:b83db93e805e562b78b57fd0015061dd [weak]
- Filesize:719884 [weak]
Hashes of received file:
- SHA256:1309e01a80fb0925abeae0082e57afd4a72002e5759928d554dfa75e06ae1cf1
- SHA1:a5d9d954eaf3d7fe1ed7f90a1be076eb00e91793 [weak]
- MD5Sum:b57b31af448695d8f9075f901525c761 [weak]
- Filesize:719560 [weak]
Last modification reported: Mon, 25 Mar 2019 18:15:00 +0000
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Looks like I forgot to add sudo apt update to the beginning of the reinstall instructions. Full instructions have been edited at the top post.

If that doesn’t work, try updating you gpg key as per the new instructions at the top.

I ended up using “sudo apt-get update”.

That worked. Thanks.

Updated my software and running my little test bench. 10 minutes and counting. Will go walk my dog and let it run for the time I’m gone. It used to fail after 8 minutes. Great job!

@mauricebizzarri would be interesting to know how long a dog walk it took to complete your file encryption ?

Ha ha sorry I’m a little obscure. I walked my dog for an hour. I have a test script that loops forever, timestamping each successful loop. The loop includes encrypting and decrypting a random small file, and also does a tap sense and some other useful things. It was still working after an hour. It’s written in GO and uses the GO Cgo library to access your C library. It seems to work fine. I will now integrate it into my system to secure IoT devices. I’ll let you know when I’m done.

Thanks for the update, and putting zymkey encryption through its paces with GO. We look forward to hearing more about your progress.