Hello!
We’re currently investigating the use of the Zymkey 4i for encrypting our Linux rootfs on an RPi CM3+. Previous investigations during Ubuntu 20.04 times showed it would be possible to just generate a locked key from within a special initramfs for easy first-bootup setup in a factory, resulting in an encrypted rootfs and bootup via the Zymkey.
With Ubuntu 22.04 though it shows that temporarily running zkifc for setting up /var/lib/zymbit doesn’t result in creation of the required salt file anymore, resulting in an incomplete state during key creation for LUKS to be prepared with a new key.
This is with a custom initramfs which just sets up the device after factory flash and deletes itself from storage after completion.
Have there been changes to the zk utilities that disallow setup without NTP? During factory setup the device wouldn’t have networking abilities, hence it would require a different way of setting up the environment.
Thanks.