Pi clones with eMMC

ZYMKEY4
1

Have you have tested or support any pi-like devices that use emmc?
eg, Orange Pi 3, Banana Pi BPI-M64, ROCK64 or any others.
I’m wondering if using emmc would be more secure than using an sd card if you weren’t using the perimeter detect component of the zymkey

Would the boot process be anymore secure using the embedded flash (smt, not a pluggable module) or could it still be tampered with?

I found a post from March last year where you stated you were working on support for Odroid, tinkerboard, beagleboard etc. Is there any update on that?
thanks

2

We have prototyped on Odroid and Beaglebone. Using eMMC, even if it’s soldered on board, really doesn’t give much of a security advantage because someone determined could still easily tap on to the eMMC signals and suck out the binary image, so it’s still important to encrypt partitions, especially the ones with sensitive data or intellectual property.

Using zymkey to store private keys securely tied to a tamper detect system is still important for eMMC based systems.

3

Be aware that some of the OrangePi boards have the pins reversed, so your board may not work. Or the smoke make come out of it…

4

Thanks for the info. We don’t like to see the genies coming out of the chips :slight_smile:

5

Hello
I’m interested to mount the zymkey on RockPi 4 SBCs (rockpi dot org)

The I2C bus is active (test with OLED display works fine)

But the install_zk_sw script from https://community.zymbit.com/t/getting-started-with-zymkey-4i/202 throws some warnings and errors.

  Downloading https://files.pythonhosted.org/packages/c7/fc/9728f1f708ecd5981007abe133d44fdcddf40915f8d13e12a140b77376ae/inotify-0.2.10-py2-none-any.whl
Collecting nose (from inotify)
  Downloading https://files.pythonhosted.org/packages/99/4f/13fb671119e65c4dce97c60e67d3fd9e6f7f809f2b307e2611f4701205cb/nose-1.3.7-py2-none-any.whl (154kB)
100% |################################| 163kB 2.1MB/s
Installing collected packages: nose, inotify
Successfully installed inotify-0.2.10 nose-1.3.7
Collecting pycurl
  Downloading https://files.pythonhosted.org/packages/e8/e4/0dbb8735407189f00b33d84122b9be52c790c7c3b25286826f4e1bdb7bde/pycurl-7.43.0.2.tar.gz (214kB)
100% |################################| 215kB 1.7MB/s
Building wheels for collected packages: pycurl
  Running setup.py bdist_wheel for pycurl ... error
  Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-bakZNp/pycurl/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpaV5Mj1pip-wheel- --python-tag cp27:
  Using curl-config (libcurl 7.52.1)
  usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
 or: -c --help [cmd1 cmd2 ...]
 or: -c --help-commands
 or: -c cmd --help

  error: invalid command 'bdist_wheel'

  ----------------------------------------
  Failed building wheel for pycurl
  Running setup.py clean for pycurl
Failed to build pycurl
Installing collected packages: pycurl
  Running setup.py install for pycurl ... done
Successfully installed pycurl-7.43.0.2
Collecting progress
  Downloading https://files.pythonhosted.org/packages/38/ef/2e887b3d2b248916fc2121889ce68af8a16aaddbe82f9ae6533c24ff0d2b/progress-1.5.tar.gz
Building wheels for collected packages: progress
  Running setup.py bdist_wheel for progress ... error
  Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-ddqPfv/progress/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpQyMoZSpip-wheel- --python-tag cp27:
  usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
 or: -c --help [cmd1 cmd2 ...]
 or: -c --help-commands
 or: -c cmd --help

  error: invalid command 'bdist_wheel'

  ----------------------------------------
  Failed building wheel for progress
  Running setup.py clean for progress
Failed to build progress
Installing collected packages: progress
  Running setup.py install for progress ... done
Successfully installed progress-1.5
Collecting python-gnupg
  Downloading https://files.pythonhosted.org/packages/8b/26/14248358136cbd2b24652de2934078d66ed13ae4542c8b0cef0a8fade67d/python_gnupg-0.4.4-py2.py3-none-any.whl
Installing collected packages: python-gnupg
  Installing from a newer Wheel-Version (1.1)
Successfully installed python-gnupg-0.4.4
Collecting inotify
  Downloading https://files.pythonhosted.org/packages/35/cb/6d564f8a3f25d9516298dce151670d01e43a4b3b769c1c15f40453179cd5/inotify-0.2.10.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ImportError: No module named 'setuptools'

----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-4isxom_d/inotify/
Requirement already satisfied: pycurl in /usr/lib/python3/dist-packages
Collecting progress
  Using cached https://files.pythonhosted.org/packages/38/ef/2e887b3d2b248916fc2121889ce68af8a16aaddbe82f9ae6533c24ff0d2b/progress-1.5.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ImportError: No module named 'setuptools'

----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-bgi73p2j/progress/
Collecting python-gnupg
  Using cached https://files.pythonhosted.org/packages/8b/26/14248358136cbd2b24652de2934078d66ed13ae4542c8b0cef0a8fade67d/python_gnupg-0.4.4-py2.py3-none-any.whl
Installing collected packages: python-gnupg
  Installing from a newer Wheel-Version (1.1)
Successfully installed python-gnupg-0.4.4
done.
Importing Zymbit Packages gpg key... done.
Installing /etc/apt/sources.list.d/zymbit.list...done...Updating now.
Installing Zymkey Packages...

After reboot the blue led continue blinking fast.

Not sure if I must and can customize the GPIO and I2C port numbers
https wiki dot radxa dot com/Rockpi4/hardware/rockpi4#gpio

6

We don’t officially support any other platforms except Raspberry Pi yet but we have done some proof of concept on ODroid, Tinkerboard and BeagleBone. There are a couple of things to make sure of:

  1. Our Debian packages currently are only available for 32-bit systems. If your distro is 64-bit things, our software won’t work.
  2. Make sure that there the groups ‘i2c’ and ‘gpio’ are present. Typically on distros other than Raspbian, those groups do not exist. In this case, the way to get the group ‘i2c’ is to install ‘i2c-tools’. Things are a bit more complicated for group ‘gpio’: you may have to create the group with ‘sudo groupadd gpio’. Next, you will have to make sure you have an appropriate udev rule so that everything under /sys/class/gpio is reassigned to group ‘gpio’.

We are planning on releasing support for 64-bit Ubuntu bionic soon and, consequently, a new install script that will address the issues I have mentioned above. This is currently in test.

1 Like
7

Thank you for this information.
Indeed I tried this on Armbian Bionic and Stretch 64bit Distro’s
i2c-tools and the groups are already installed/created, as I also use I2C OLED displays.

So I’m very interested in upcoming 64bit support.

8

From my point of view, soldered eMMC is more secured than SD (not removable, hard to unsold a BGA).
64bit support is just now mandatory…hope you will release a compatible version asap :slight_smile: