Everything I’ve found suggests that the zymkey derives the “fingerprint” for the device id /authentication from the host computer and the SD card serial numbers.
However, …
-
What if the pi is booting from encrypted USB storage and does not have an SD card inserted? Does it use the USB device vendor id instead?
-
If so, does the zymkey use all attached USB device ids as components of it’s fingerprint? In other words, will attaching other USB devices (for instance, additional but non-bootable unencrypted storage) change the fingerprint and disable the zymkey?