Sorry if it is a duplicate question. I was unable to find the answer to my question on the forum.
Could someone please point out to me what the benefits are of switching to production mode for the Zymbit on Raspberry Pi (mainly from the security point of view)? After looking at the documentation I understand that switching to production mode permanently binds the Zymbit to a specific Pi and SD Card, but what is the real benefit of that?
I was able to set up the Zymbit with the Pi in developer mode and I can confirm that the data is encrypted as desired. From what I understand, if someone tried to acquire the source code from the SD Card/Pi, they wouldn’t be able to, even if it is set up in development mode. The only thing I can see is that someone could take this Zymbit module and set it up with their own device, but that is not really my concern. Is there anything I am missing?
The major difference relates to the binding of the (zymkey + SDcard + RPI), which is a process in which Zymkey measures the system fingerprint to create a unique system identity.
In Developer Mode the bindings are NOT permanent. Each time you power cycle the Pi, a new binding is established. This means you can swap out the Pi or the SDcard, and the Zymkey will re-measure their system fingerprint and create a new binding. This is convenient when you are developing and changing components around, but it's not secure for production.
In Production Mode the bindings become permanent on the first power cycle after the lock tab is cut. It is the act of cutting the lock-tab that places the Zymkey into Production Mode, and the Zymkey is then permanently ‘bound to’ the specific Pi and SDcard. The measured system fingerprint, and the resulting unique system identity are thus permanent too.
Once in production mode, the Zymkey will measure the system fingerprint from time to time.
If the system fingerprint matches, then Zymkey will authenticate the system identity and make security services available to the API (assuming no other breach event, such as tamper).
If the system fingerprint does not match, then Zymkey will not authenticate the system identity and will deny security services.
That is a very comprehensive answer @Phil_S_Zymbit_1, thank you for that.
Just to ensure I understand everything correctly, if I install the Zymkey in the Developer Mode only, once the SD Card is removed from the Pi its content cannot be read regardless, is that correct? To use this card, someone would have to flash it first, losing all its content?
@Irek That is true, but if you want to use the tamper detection in order to destroy the zymkey key material via self-destruct mode, you must be in production mode. This is important in order to prevent a bad actor from opening your box and installing hardware that siphons off critical data or modifying the boot loader, etc.