We use the zymkey only for encryption of the SD card.
(raspian buster created with the latest raspberry pi imager)
And as per the getting started guide: Getting Started: ZYMKEY4i with RASPBERRY PI
And the LUKS guide: Encrypting Your Root File System on RASPBERRY PI - using LUKS & dm-crypt
We get our pi to a state where it is bound in development mode and the SD is encrypted with:
Option 1 - Convert existing SD Card to LUKS
curl -G https://s3.amazonaws.com/zk-sw-repo/mk_encr_sd_rfs.sh | sudo bash
(although i have no way of verifying this)
So far so good but…
5. Set Perimeter Event Actions to “none” or “notify only”
How do i do this? What is the default setting?
I care not for the API nor do I intend to plan on integrating it in our software.
All i care about is encrypting the SD card so it can’t be used elsewhere.
If i’m actually required to set this to “none” because nowhere does it say what the default value is…
I would just like to be able to run a bash script to set it to “none”, for example:
curl -G https://s3.amazonaws.com/zk-sw-repo/disable_permimeter_detection.sh | sudo bash
I would like two things:
- Complete the getting started guide without having to dive into the python modules (a script to disable perimeter)
- A script i can run to verify the encryption status
Futher more:
Do i require a battery when we use the zymkey only for SD encryption?
As stated in https://community.zymbit.com/t/using-perimeter-detect/204/11
It seems for SD encryption only the 4i lite version is enough…
(we use the 4i version currently)
But where do i order these 4i lite versions?
Hi Sebastiaan,
The default is set to notify only. There is nothing you need to do. You do not need to use the API.
To verify the root file system is encrypted, you can use the lsblk command and/or look at the contents of /etc/fstab. You can also check /boot/cmdline.txt to see root file system mount:
pi@raspberrypi:~ $ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
mmcblk0 179:0 0 14.9G 0 disk
├─mmcblk0p1 179:1 0 256M 0 part /boot
└─mmcblk0p2 179:2 0 14.6G 0 part
└─cryptrfs 254:0 0 14.6G 0 crypt /
pi@raspberrypi:~ $
pi@raspberrypi:~ $ cat /etc/fstab
proc /proc proc defaults 0 0
PARTUUID=21df6806-01 /boot vfat defaults 0 2
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
# crypto root fs
/dev/mapper/cryptrfs / ext4 defaults,noatime 0 1
pi@raspberrypi:~ $ cat /boot/cmdline.txt
console=tty1 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles root=/dev/mapper/cryptrfs cryptdevice=/dev/mmcblk0p2:cryptrfs rng_core.default_quality=1000
pi@raspberrypi:~ $
The battery is not required for doing SD encryption.
The 4i lite is a legacy product that is no longer available.
Regards,
Bob