Issues using zkgrifs, zklockifs & zkunlockifs

ZYMKEY4
1

Using the Zymkey 4 on a Raspberry 4 I’m eventually wanting to use the functionality of unlocking LUKS via the Zymkey measuring the state of the Raspberry Pi.
I’ve seen the ‘mk_encr_sd_rfs.sh’ and wanted to test some of the individual binaries this script calls: zkgrifs, zklockifs and zkunlockifs.

I’m finding a that these aren’t reliable to call? Whilst the first 2 work for me I frequently get issues
ubuntu@ubuntu:~$ sudo zkgrifs > test-key.bin Segmentation fault

or

ubuntu@ubuntu:~$ sudo zkgrifs > test-key.bin could not process msg led_msg failed Unexpected response received. sessionMsgID = 0100, rx msgid = ffff, expected_msg_id = 0007 led_msg failed

I know these binaries should eventually be ran in the initramfs but should they also work when fully booted?

2

Those binaries are meant as Zymbit standalone tools to be called within our scripts, not directly by the customer. They require stopping zkifc and setting environment variables properly which our scripts take care of.

The same functionality is available via the APIs. For instance, instead of zkgrifs, you can use get_random(bytes),

#!/usr/bin/python3

import zymkey
from textwrap import fill

if __name__ == "__main__":

    # Example get_random data and display it

    print('Testing get_random() with 64 bytes...')
    num = 64
    random_bytes = zymkey.client.get_random(num)
    s = fill(' '.join('{:02X}'.format(c) for c in random_bytes), 49)
    print(s)
1 Like