Zymkey is a Hardware Security Module for Raspberry Pi Board

Microchip ATECC508A CryptoAuthentication chip appears to be a popular way to add hardware encryption support to development boards, as we’ve seen previously with 96Boards’ Secure96 mezzanine or LoRa explorer kit, and even just earlier today with Analoglamb Fish32 Seed ESP32 education board.

Another solution is from Zymbit which provides Zymkey security modules for Raspberry Pi based on the ATECC508A CryptoAuthentication chip in different form factor: either a USB stick, an I2C module, or for further integration into your own design, an SMT component.

Zymkey Hardware-Security Module Raspberry Pi
Click to Enlarge

Zymkey enables multifactor device ID & authentication, data encryption & signing, key storage & generation, and physical tamper detection. It also features a secure element root of trust, a real-time clock, and a true random number generator (TRNG). The company provides a simple Python or C/C++ API to make it easier to add Zymkey support to any Linux application, and the secure module can  be integrated with third party applications such as LUKS file encryption, OpenSSL, AWS IoT, or the Ethereum Blockchain. Instructions showing how to use Zymkey security module with a Raspberry Pi 3 board can be found in the getting started guide.

Zymbit Zymkey ArchitectureThey have two models of the I2C security module: Zymkey 4i going for $43 and available now, and if you need support for blockchain technology, Zymkey 5i can be pre-ordered for $47 with 32 unique key slots, and support for secp256K1 curves. The 5i model is expected to ship on September 15 onwards. The USB stick version appears to be an earlier product, and I could not find it for sale right now.

Zymkey Raspberry Pi Security Module Blockchain

Since the module simply fits into the section of the Raspberry Pi 40-pin header with I2C signals, an is controlled via a Python or C/C++ API,  I suppose it should also be usable with other boards with the RPi header provided it mechanically and electrically fits.

You’ll find more details and purchase links for the I2C module on the product page.

Support CNX Software - Donate via PayPal or become a Patron on Patreon

3
Leave a Reply

avatar
3 Comment threads
0 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
MarkusDurandAliaochao Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
liaochao
Guest
liaochao

@CNXSOFT,Yes, this product is great; I have a lot of them here; we can make a friend to talk about those.

DurandA
Guest

It is not clear to me what are the benefits of these modules compared to a raw ATECC508A besides the RTC. The ATTECC508A supports only one curve which is P-256 (secp256r1). The upgraded ATECC608A only adds AES and HKDF. Do they use a secure MCU to perform additional operations like secp256k1 signatures? According to the pictures, it uses an SAML L21 which is not tamper resistant and does not have TrustZone. If it is not based on a secure microcontroller, it only provides some isolation and is certainly not resistant to physical tampering.

If you want to experiment with CryptoAuthentication with Raspberry Pi, you can buy ATECC508A/608A for <1$ in SOIC format or use a cheap breakout board (CJMCU-608).

Markus
Guest
Markus

For properly isolated keystorage etc. there is https://letstrust.de/ for the Pi. Much cheaper, too.