Encryption with Air Gap

This is a post containing the steps for encrypting your root file system offline using the Zymkey, HSM4, HSM6, or SCM on the bullseye 32 bit desktop image.

  1. Append “arm_64bit=0” to /boot/config.txt (necessary for 32bit OS to find Zymbit packages), enable i2c interface through raspi-config, and reboot
  2. Copy the attached scripts onto the pi
  3. [pi should be online for this part] Download the necessary packages on the pi: cat download_zk_packages.sh script | sudo bash
  4. Run the install script and reboot: cat install_zk_sw_offline.sh | sudo bash
  5. Connect a flash drive and confirm it mounts
  6. Run the encryption script: cat mk_encr_sd_rfs_offline.sh | sudo bash
  7. Wait for 2 automatic reboots. If all goes well, the Blue LED wil flash once every three seconds.

zk-scripts.zip (17.0 KB)