ZYMKEY 4i - FAQ
Does ZYMKEY tie me to Zymbit data services ?
No, zymbit no longer provides data services. All of the hardware on ZYMKEY is designed to integrate with third party data services such as AWS IoT Greengrass and Microsoft Azure IoT. For ready to go integrations check out:
Which models of Raspberry Pi is ZYMKEY compatible with?
ZYMKEY-4i is compatible with Raspberry Pi 2, 3, 3B+
What are the differences between USB, I2C and RaspberryPi versions ?
ZYMKEY 4i (I2C)
The I2C version connects to RPi header for power and communications via the I2C serial bus.
Includes perimeter monitoring, all other features the same as ZYMKEY-USB.
ZYMKEY 3U (USB)
USB version connects to USB 2.0 connector for power and communication with RPi or other host.
Features are the same as ZYMKEY-I2C, except perimeter monitoring which is excluded.
How does Raspberry Pi communicate with ZYMKEY?
ZYMKEY uses I²C (GPIO2+3) and 1GPIO lines: GPIO4 .
With ZYMKEY-4i can I still connect other devices to the RPI expansion header ?
Generally yes. ZYMKEY-I2C has a pass-through connector that, when used with an extension header, allows other RPi plates to be added.
GPIO2 and 3 must be configured to support I2C bus. Other devices can co-exist on the I2C bus, certain restrictions apply.
GPIO4 used by ZYMKEY-4i, not available to other applications.
Can I use Zymkey 4i with other single board computers ?
Electrically the ZYMKEY-I2C will interface to any single board computer using I2C.
Check compatibility with your particular Linux distribution.
How is ZYMKEY be “paired” or “bound” to a specific host?
When ZYMKEY is communicating with the Zymbit security services it transmits what is known as a “fingerprint”. Some of the ingredients of the fingerprint include the host platform serial number, the SD card serial number and the unique ID in the ZYMKEY crypto accelerator chip. If any of these ingredients is changed, the fingerprint is guaranteed to be different. This means, for example, that after being provisioned, the ZYMKEY cannot be moved to another host without special user interaction.
Will the RTC (Real Time Clock) keep time when Raspberry Pi is turned off?
Yes. The RTC is powered by a watch battery on the ZYMKEY, it is fully integrated with Linux and will keep time when Raspberry Pi is off.
How do I access the devices (RTC, accelerometer, crypto) on ZYMKEY?
For Raspberry Pi ZYMKEY, kernel drivers and libraries for all of the devices are included in the ZYMKEY software package.
How much power does ZYMKEY consume?
ZYMKEY-RPi (3.3V): idle approx. 1mA; max active < 25mA with LED off, <35mA with LED on.
ZYMKEY-USB (5V): idle approx. 1.5mA; max active < 40mA with LEDs off, < 60mA with LEDs on.
Are the communications between ZYMKEY and Raspberry Pi encrypted?
Communications between the security processor and ZYMKEY are encrypted whenever possible.
Can I use the ZYMKEY for secure data storage?
There is a limited amount of storage available for secure data storage on ZYMKEY. We recommend that large data volumes be stored encrypted on the SD card, with encryption keys and HASH blob stored on ZYMKEY. We will be supporting LUKS encryption from Release 2 onwards.
What happens if multiple ZYMKEYs are connected to the same host? Does this increase security?
There is no direct advantage to security if more than one ZYMKEY is added to a host platform. If multiple ZYMKEY’s are installed the ZYMKEY software APIs will lock out all but the first instance of the ZYMKEY.
How does Zymkey compare to Yubikey of Duo?
Duo and Yubikey products are designed for 2FA (two factor authentication) on personal computers and mobile devices.
Zymkey is a hardware security module designed specifically to secure IoT devices deployed in the wild beyond the security of a firewall or physical barrier. The Zymkey architecture provides multiple layers of security:
- Measured device identity and authentication.
- Key services and secure storage
- Encryption and signing services
- Physical tamper detect sensors
- Independent operation from host CPU and cloud services
- Ultra low power operation from coincell battery.
Does ZYMKEY work with Arduino?
We have no plans to release an Arduino shield version. While we love Arduinos and use them all the time, they generally don’t have enough resources to handle cryptographic operations at this level.