Using Perimeter Detect


Re-reading “one time after the lock tab has been cut”: does it mean one single time? Do you mean that after the tab has been cut if I set destruct=false, it will remain so forever?


@Iker The Zymkey 4i does not have key deletion or revocation features. Also, as I stated above, after the lock tab has been cut, each perimeter detect has one chance to set its perimeter detect action. This is meant as a security measure. Any attempts to set the action after the one chance will result in an error return from the call.


Ok, now I know for the next time.
In the case the tab has been cut is there any software command I can use to delete key to brick the device?


We do not current have an API for deleting or revoking keys. Mostly, this is by design because we don’t want to take a chance on a bad actor penetrating the device and bricking LUKS encrypted units by deleting keys.


Another question (again :sweat_smile: ), because I cannot test it.
If I am using this flag


Can you confirm me that the zymkey will destruct its keys, even if the Pi is powered off?
It could seem obvious, I know, but I just want to have your confirmation.


Thanks for your question, @Tgratier.

If a tamper detect input is configured for “self destruct” mode and a detection event is triggered, the zymkey will destroy all of its key material even if the Pi is powered off as long as the battery has sufficient charge.

Also, this feature only works when the Zymkey has its lock tab cut.


Ok, that’s what I guessed. Thx!