ZYMKEY - TECHNICAL FAQ
Will the RTC (Real Time Clock) keep time when Raspberry Pi is turned off?
Yes. The RTC is powered by a watch battery on the ZYMKEY, it is fully integrated with Linux and will keep time when Raspberry Pi is off.
How much power does ZYMKEY consume?
ZYMKEY-RPi (3.3V): idle approx. 1mA; max active < 25mA with LED off, <35mA with LED on.
ZYMKEY-USB (5V): idle approx. 1.5mA; max active < 40mA with LEDs off, < 60mA with LEDs on.
How does Raspberry Pi communicate with ZYMKEY?
ZYMKEY uses I²C (GPIO2+3) and 1GPIO lines: GPIO4 .
Are the communications between ZYMKEY and Raspberry Pi encrypted?
Communications between the security processor and ZYMKEY are encrypted whenever possible.
The USB ZYMKEY communicates with the host in encrypted mode by default, with only certain functions operating in plaintext (such as accelerometer data streaming).
Can I use the ZYMKEY for secure data storage?
There is a limited amount of storage available for secure data storage on ZYMKEY. We recommend that large data volumes be stored encrypted on the SD card, with encryption keys and HASH blob stored on ZYMKEY. We will be supporting LUKS encryption from Release 2 onwards.
What happens if multiple ZYMKEYs are connected to the same host? Does this increase security?
There is no direct advantage to security if more than one ZYMKEY is added to a host platform. If multiple ZYMKEY's are installed the ZYMKEY software APIs will lock out all but the first instance of the ZYMKEY.
How is ZYMKEY be “paired” or "bound" to a specific host?
When ZYMKEY is communicating with the Zymbit security services it transmits what is known as a “fingerprint”. Some of the ingredients of the fingerprint include the host platform serial number, the SD card serial number and the unique ID in the ZYMKEY crypto accelerator chip. If any of these ingredients is changed, the fingerprint is guaranteed to be different. This means, for example, that after being provisioned, the ZYMKEY cannot be moved to another host without special user interaction.
How do I access the devices (RTC, accelerometer, crypto) on ZYMKEY?
For Raspberry Pi ZYMKEY, kernel drivers and libraries for all of the devices are included in the ZYMKEY software package. For the USB ZYMKEY, the USB driver is included in the package as well. Zymbit recommends using the official Zymbit software API to control the ZYMKEY.
Can an alert be issued if a ZYMKEY-equipped Raspberry Pi has been tampered with? How are the notifications issued?
After ZYMKEY is properly installed and provisioned, it will detect the following types of events: system shutdown and startup, certain critical system errors (such as disk errors), device acceleration (using the built-in accelerometer), USB device insertion and removal, ZYMKEY removal, other system changes (see the previous question). The notifications are issued through Zymbit cloud services – please refer to API manual for further details.