What do the different LED blinking patterns mean?

Click to View Answer
  1. 1 second very rapid flash, 1 second off, 8 slow blinks

    • This indicates interrupted communications.
  2. Quickly 10 times, then slowly 8 times

    • This indicates an electrical connection issue.
  3. Constant rapid blinking

    • This indicates that your Zymkey is operational but not yet configured.
  4. Once every 3 seconds

    • This indicates that your Zymkey is working and running.
  5. Rapid blinking, then slowly 5 times

    • This indicates a failure to communicate with ATECC. The most likely cause is the Zymkey is in Production Mode, tamper detect was set to self-destruct, and a tamper detect event caused the Zymkey to self-destruct. If tamper detect is not armed, this indicates a hardware problem.
  6. Three rapid blinks every 3 seconds

    • This indicates the Zymkey is in Production Mode and is working and running.
  7. Rapid blinking then LED off

    • This indicates the Zymkey is in Production Mode but cannot bind with the RPi / SD card pair. In Production Mode the binding with a particular Pi and SD card becomes permanent. Most likely cause for this is that the Zymkey, the SD card, or the PI has been swapped out.

How can I reset the clock to the current timestamp?

The clock will sync to the current timestamp once the Pi has achieved NTP sync. This requires you to have access to the Internet.

Does “self destruct” mode work before the tab has been cut?

No, it needs to be activated by cutting off the tab.

Is there a way to turn off “self destruct” mode?

Yes, but only before cutting the tab.

If my Zymkey does “self destruct,” can I create new keys and reuse the hardware?

  • The SBC and SD card hardware will be reusable.
  • Because the SD card contents are encrypted and the decryption key was destroyed, the data is lost.
  • The Zymkey will not be reusable because the key slots will be destroyed.

Will Zymkey still self-destruct, even when my SBC is powered off?

Yes, because Zymkey is battery powered. As long as the battery is sufficiently charged, it will still self-destruct.

How do I access the devices (RTC, accelerometer, crypto) on Zymkey?

For Raspberry Pi Zymkey, kernel drivers and libraries for all of the devices are included in the Zymkey software package.

My GPG Key expired and I cannot access the Zymkey Repository. How do I update the Key?

You can update your existing key with the following command:

curl -L https://zk-sw-repo.s3.amazonaws.com/apt-zymkey-pubkey.gpg | apt-key add -


How do I transition from Developer mode to Production mode?

Click to View Answer

With Zymkey in Developer Mode (Lock Tab in Place)

Do not cut the Lock Tab yet!

  1. Install the battery on Zymkey
  2. Place Zymkey onto the Pi (with power down on the pi)
  3. Turn on the Pi
  4. Install and bind the Zymkey and Pi
  5. Set Perimeter Event Actions to “none” or “notify only”
  6. Create your LUKS encrypted volume
  7. Install your applications into your encrypted volume
  8. Confirm your system and applications work fully as you intend

When you are ready to move Zymkey to Production Mode,

Do not cut the Lock Tab yet!

  1. Turn off the power to the Pi
  2. Do not remove the battery
  3. Remove the Zymkey from the Pi
  4. Cut the Lock Tab
  5. Replace the Zymkey onto the Pi and turn on power to the Pi
  6. Close your perimeter circuit(s) (enclosure lid)
  7. Clear Perimeter Detect Events
  8. Get Perimeter Detect Info to confirm prior events are cleared and the perimeter is closed.
  9. If the Perimeter Detect Event returns clear, then you can ‘arm your system’ as you require by setting Set Perimeter Event Actions to “none”, “notify” or “selfdestruct”
  10. Your system is now armed.

At what point is my Zymkey permanently bonded to my RPi?

Cutting the tab transitions it from Developer mode to Production mode, which causes permanent bonding.

What does the battery do, and what can my Zymkey do without the battery?

Click to View Answer

The battery is required to maintain the Real Time Clock and the perimeter detect circuits when the host power is removed. Without the battery, these two functions will not be active when the host power is removed.
Power vs. Battery

How is Zymkey “paired” or “bound” to a specific host?

Click to View Answer

When Zymkey is communicating with the Zymbit security services it transmits what is known as a “fingerprint”. Some of the ingredients of the fingerprint include the host platform serial number, the SD card serial number and the unique ID in the Zymkey crypto accelerator chip. If any of these ingredients is changed, the fingerprint is guaranteed to be different. This means, for example, that after being provisioned, the Zymkey cannot be moved to another host without special user interaction.


Where can I learn about and/or pre-order future products?

Sign up for our new product email updates here.

Which SBCs are compatible with Zymkey 4?

  • Raspberry Pi 3, 3B+, 4, Zero, Compute Module
  • NVIDIA Jetson Nano
  • Electrically the Zymkey-I2C will interface to any single board computer using I2C. Check compatibility with your particular Linux distribution.

Which operating systems does Zymkey support?

In what aspects (internally and externally) is each Zymkey unique?

  • Each Zymkey has a unique internal multifactor identity that is not accessible.
  • Each Zymkey has a unique QR code that is visible.

How much power does Zymkey consume?

  • Zymkey-RPi (3.3V): idle approx. 1mA; max active < 25mA with LED off, <35mA with LED on.
  • Zymkey-USB (5V): idle approx. 1.5mA; max active < 40mA with LEDs off, < 60mA with LEDs on.

Does Zymkey work with Arduino?

We have no plans to release an Arduino shield version. While we love Arduinos and use them all the time, they generally don’t have enough resources to handle cryptographic operations at this level.