Security of disk encryption key


My company is in the process of developing a product based on the Raspberry Pi. I have concerns over how simple the copying of the code we develop would be, given that the “product” is solely software in nature.

The Zymkey appears to be the perfect solution to this issue!

I have been trying to gather as much information about how Zymkey works to see if I can find any reasons the Zymkey may not be suitable for our purposes. As far as I can understand the security is based on encrypting the RFS of the RPi, so as no one malicious can log into the system, the code would be secure and removing the SD card would do them no good.

In encrypting the RFS, in brief, it seems as though the Zymkey generates a random key in plain text, the partition to be encrypted is created and dm-crypt is used to encrypt it using the plain text key. The Zymkey then encrypts and locks the key. The RFS to be encrypted is then copied over. When booting, the crypttab is supplied with the key via a keyscript (which I assume passes the locked key to the Zymkey for decryption).

My background is not in security or encryption and I only have a very weak understanding of the topics. I am assuming that the keyscript is kept unencrypted in the boot partition? So would it be possible for the attacker to simply modify the keyscript to have it output the result of the Zymkey decryption? My feeling is that we have the locked key, and the Zymkey which is able to decrypt it; what is to stop attackers supplying the locked key to the Zymkey and getting the result?

What am I missing? :)

Hi Fred,

Thanks for your thoughtful question.

The attack vector you describe assumes that an attacker has free, undetected physical access to the SD card.

Zymkey is designed to counter this attack vector. It does so by providing both PHYSICAL and DIGITAL security features that work together (but independent of the host RPi) to detect physical tamper events and respond by disabling or destroying key materials (depending upon the policy you set).

The most important component of PHYSICAL security is the tamper detection circuits available on Zymkey 4i. When integrated with your enclosure they provide a secure envelope in which your RPi & SDCard are protected from physical attack. Learn more > Using Perimeter Detect.

If you need help in integrating tamper detection into your physical solution, then this Protokit is a good starting point > ProtoKit 4S

Hopefully this completes the missing piece in your understanding (physical security). Let us know if you have more questions.