Background: Pi4, running bullseye lite 32bit, SD card is encrypted and zymbit4 is working fine in developer mode.
Can I do an API call to initiate a self destruct without having a perimeter event? Can you test self destruct at all in developer mode, or is it just ignored?
From the API, I was looking at “remove_key(slot, foreign= False)” but I’m not sure if that will delete the keys used for LUKS.
I want an external application to be able to self destruct the zymkey based on x, y, or z activities or on demand, not just through pre-defined API settings. Is this possible?
I guess the biggest question is can you initiate a self destruct through an API call?
There is not an API call to initiate a self-destruct. Self-destruct is only available via Perimeter Detect events. On the ZYMKEY in Developer Mode, the self-destruct is ignored.
The remove_key() function is only applicable to the HSM6, not the ZYMKEY or HSM4. Commands only supported on the HSM6 in the API docs will include (model >= HSM6).
Thanks for the prompt response. I just saw the “(model >= HSM6)” as I was investigating additional calls.
With an HSM6 could you delete the keys with an API call to “self destruct” at will via the remove_key() call?
Lastly, are there any plans to make a self destruct API call for incorporation into other applications?
The remove_key() call only acts on the standard key store area. The encryption scripts by default do not use the keys in the standard key store to lock the LUKS key. It would take some modifications to the standard product. Adding a self-destruct feature has come up before but as of today, there are no plans to add it into the standard product.
If you would like us to consider implementing something like this, please contact sales to discuss your project needs.
Thanks for the thorough response…I might try and rig something up to an open GPIO to break the perimeter circuit on command as a workaround.