Getting Started with ZYMKEY 4i

Hi @Tgratier
These are the steps you should follow:

With Zymkey in Developer Mode (Lock Tab in Place)

Do not cut the Lock Tab yet !

  1. Install the battery on Zymkey
  2. Place zymkey onto the Pi (with power down on the pi)
  3. Turn on the Pi
  4. Install and bind the zymkey and pi
  5. Set Perimeter Event Actions to “none” or “notify only”
  6. Create your LUKS encrypted volume
  7. Install your applications into your encrypted volume
  8. Confirm your system and applications work fully as you intend

When you are ready to move Zymkey to Production Mode,

Do not cut the Lock Tab yet !

  1. Turn off the power to the Pi.
  2. Do not remove the battery.
  3. Remove the zymkey from the Pi
  4. Cut the Lock Tab
  5. Replace the zymkey onto the Pi and turn on power to the Pi
  6. Close your perimeter circuit(s) (enclosure lid)
  7. Clear Perimeter Detect Events
  8. Get Perimeter Detect Info to confirm prior events are cleared and the perimeter is closed.
  9. If the Perimeter Detect Event returns clear, then you can ‘arm your system’ as you require by setting Set Perimeter Event Actions to “none”, “notify” or “selfdestruct”
  10. Your system is now armed.

Phil,

In “Production Mode”, see items 12 and 18.

I see a conflict of the order and duplication.

Michael A. Dawson
mikedawson@bellsouth.net

CONFIDENTIALITY NOTICE: The information in this transmission is intended only for the individual or entity named above. This E-mail (including any attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, Stored Communications Act (18 U.S.C. § 2701 et seq). is confidential and may be legally privileged. If you have received this information in error, please notify us immediately and delete this transmission and any other documents, files and information transmitted herewith. If the reader of this message is not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution or copying of this communication or its contents is strictly prohibited.

@mikedawson
Thanks for catching that, you are correct. The duplicate step 18 “you can now cut the lock tab” has now been removed and replaced with “your system is now armed”. We’ll post this detail in the getting started guide to clarity.

@grundyoso @Tgratier
We have updated the Getting Started documentation to provide more explicit detail on how to “move Zymkey from Developer Mode to Production Mode”. Let us know if you have any feedback, remaining questions.
Thx

2 Likes

Once the Zymkey is bound to the pi, the Zymkey’s blue LED should blink slowly - once every 3 seconds - to indicate that the binding is complete.

My ZymKey does not do this. After installing the software, it blinks 5 times rapidly, and then it seems like blinks 10 times even more rapidly and then repeats.

What does this indicate, software or hardware issue?

Can you post a short video of the blink pattern - either in this community, or email to support@zymbit.com. Thx

Hi!

I never thanked you for the update, so thx a lot! This is great to have a “step by step” guide.

One more (important) question: in “Production mode”, does the “clear perimeter event” will still work? Of course, only for the “notify” actions.

I mean, if I set one of the perimeter event action to “notify”, should I be able to detect a breach - clear it (if I can be sure it is not a bad one) by software - and “start” again and detect others next breach?

I am thinking about this:

  • one action to notify the breach, but I would like to be able to “arm/desarm” (by wireless communication) the result of this breach for maintenance operations. So I would need to “clear” the event detect beform to arm AGAIN the zymkey when the mantenance will be finished.

  • the other with self destruct instruction to guaranty the full security of my product (even against me);

If the clear event function is not working anymore in production mode I can’t see any useful case to use the “notify flag” because it is a “one shot” use like “self destruct function”…

Thx by advance! I hope you will understand my needs!

Hi again, @Tgratier!

You can clear tamper detect notifications even when the lock tab has been cut (production mode). Keep in mind that if a tamper detect that has self destruct mode set, it will not matter because the zymkey destroys itself at that point. Once in production mode, the tamper detect actions cannot be changed.

However, in the scenario you show, you can have one TD configured for the notify action and the other one configured for self destruct. If the self destruct one is tripped, then the key will be destroyed. If only the notify TD trips, you will get a notification event which can be cleared. The self destruct TD can never be cleared.

Am I understanding your use case correctly?

Yes you did!
Thx you so much (again) for all these clarifications :ok_hand:

Hi,
previously the Zymkey module was working fine in raspbian stretch (raspberry 3), but when I upgraded to raspberry pi 3+ and raspbian buster, the zymkey is not binding (its blinking 5 times/sec), but not once in 3 sec.
Also, irrespective of that when I tried to run the test code, they were giving the attribute error (which I believe is secondary, primary is binding issue.)
is it the stretch/ buster issue, or am I missing something?

@Phil
Hi, could you please help me out with my question?

@siddhartha,I’m also experiencing same thing…Need reply for the same.

Critical members of our staff are on travel at the moment, but we will have an answer early next week.

Did you upgrade from an existing installation of Stretch to Buster or was this a fresh install? If the answer is no, then I assume you have done a fresh installation of Buster. Check to insure that you have enabled i2c support with sudo raspi-config.

We have tested things out and, in spite of an issue reported with Buster involving the Suite status to have changed from ‘testing’ to ‘stable’, we have no problem with Zymkey binding under Buster if the instructions in “Getting Started” are followed.

I wrote my own test code that do only encryption and decryption of data using public key
that is working fine but when I integrate with my project code its giving error in lock bad return code -110 after that zymkey is blinking 5 times per second.If I reboot raspberrypi then only it will
bind properly and one blink per second if I run my project code means it will blink fastly.binding ll go off.

Now I’m able to run both test codes without errors .I just converted strings of data into byte array
and encoded (utf8).

Yes, I did that, and in past it was working just fine.
Is there a possibility of that somehow, I accidentally broke the zymkey? Its taking power that for sure, but not binding after multiple reboots and installations. I switched back to ‘stretch’ but still its not binding.

Are there any other devices on the i2c bus or on GPIO4?