What happens when the battery dies?


#1

Hi there! I’ve just bought a couple of Zymkeys and I’m really excited to try them out. One thing that occurred to me is - what happens when the battery dies and perimeter integrity is set to delete? I’d like to be able to change the battery without bricking the device. Is this possible?

Thanks!


#2

On the Zymkey 4i, the tamper detect circuits are inactive when the battery dies. At this point, you can safely change the batteries.

Having said that, there is currently no way to know when the batteries have died. Our future Zymkey 6 will have a battery status feature.

Also FYI, nominal designed battery life is 2.5 years on the 4i.


#3

But once the battery is on again, I imagine that the perimeter will still be breached so that I can access the battery, so it would immediately detect it as a breach. Or am I misunderstanding something?


#4

You are correct, unless you design in some way to connect the tamper detect loop(s) prior to closing up your enclosure.


#5

Is it possible to mount a rechargeable battery that will charge itself when connected to power? Designing something that can bypass the tamper detect loop seems like a backdoor to me.


#6

@https403
The simplest, most robust solution is to use a larger non-rechargeable battery; an 800mAH battery, such as a CR2 3.0V industrial lithium, should give you up to 10 years of working life, limited only by the battery, not the Zymkey power consumption.
A CR2 (or something of similar capacity) can be connected to the Zymkey with an adapter, such as below.
Make sure to use a 3.0V battery, not 3.6V.

Let us know if you need help sourcing the battery/adapter; we can make direct contact with you, or send to info@zymbit.com.

[Images: FDL CR2 3V; Panasonic CR2 3V]


#7

@phil Using such a solution just postpones the issue rather than solving it.


#8

Hi
Perhaps I misunderstood your use case. If you could share a few objectives, that would be helpful.

  1. What is the desired operating lifetime for your product?
  2. Do you need the ability to open your device (breach the perimeter) during this operating lifetime?
  3. If yes, then why do you need the ability to open your device: to change the battery, or something else?

#9

@https403

As a customer of Zymbit, I also had the same concern…but soon decided that it is a great thing for the battery to die (not too soon of course) and wipe the keys…ironic but true (no one likes to have abandoned devices but a working device 10 years later, I doubt would even be possible - unless you are building your own kernel and OS?). I also do not want stale devices out there with outdated updates…better to just kill them and warranty them if clients need that…way cheaper for your fleet of devices, unless you’re making just one? If just one device, do you need an HSM?

Question to answer for yourself (as I had to come to the same realization):

“How long do you want your product to sit idle and unused while technology advances and your company advances? (Remember the battery draw is only when sitting idle). Phil’s solution provides 10 years out of the box.”. IMO, that’s way beyond what we should allow, but this recommendation gives you plenty of time. I mean, if you sell or make a device that sits idle for 10 years, why even bother…after 10 years, and the way the IoT is going, Armageddon will happen before then.

Reply back if more questions, but Zymbit kicks @$$…hands down…don’t be afraid the battery will die…it will die as it should and keep your software and future devices safe.


#11

@phil @hbmaddog
Sorry for the late reply. I’m going to make an OpenPGP master key store intended for long-term storage. However, after reading hbmaddog’s comment, I realize that after 10 years, as technology evolves, my master key should be updated to a newer algorithm/bigger key size anyway. Breaching the perimeter isn’t that important anymore.

P.S.: I know many people ditch OpenPGP because of the difficulties of securing the master key and key rotation, but I still want to give it a try and see how long I can maintain it.


#12

What happens if the battery dies and you are not using perimeter detection? If you replace the battery and reboot the device will it decrypt the volume as required still or is the key on the zymbit lost?


#13

Had the same response and soon revoked my “I don’t care about perimeter breach”

To my understanding, yes, Zymkey will work as you described provided perimeter breach is disabled to wipe the encryption keys…but, imagine your case opened, Zymkey disabled to wipe, hacker tethers your device, Zymkey is now decrypted because you chose not to wipe the keys, hacker steals your code and algos to your entire fleet…and the secrets to gain computing power for malicious code injections.

Once I see that, yeah, can’t imagine not using perimeter breach to its fullest to protect my entire fleet.

It’s a matter of cost vs reward. If the cost of jeopardizing your entire fleet doesn’t outweigh the reward of a single device, then I guess perimeter detection/breach can be disabled.

Truthfully, I am putting in a request to the Zymbit team to make this a required feature, not optional feature.

Please respond if any other questions…


#14

@Todd - in answer to your specific question,

"What happens if the battery dies and you are not using perimeter detection? If you replace the battery and reboot the device will it decrypt the volume as required still or is the key on the zymbit lost?"

Zymkey4 standard behaviour is as follows: if the battery dies, your keys are not lost in Zymkey. When you reapply power from the host (with or without the battery), the LUKS encryption can still utilize the keys as needed (assuming the same host and SD card).