HSM4
Embedded hardware security module for Linux computers.
- All the great features of ZYMKEY4, in a module
- Fully encapsulated with hidden connector
- Encrypted file system with LUKS integration
- Measured system identity & authentication
- Secure key generation & storage
- Data encryption & signing
- Physical tamper sensors
- Real time clock
Embedded security for Pi computers
Accessing and copying emmc memory contents is not difficult with the right tools, especially for unattended devices deployed outside the security of a physical building. HSM4 provides essential physical and digital security features to protect against such real world exploits.
MEASURED SYSTEM IDENTITY
PHYSICAL TAMPER SENSORS
DATA ENCRYPTION & SIGNING
FILE SYSTEM ENCRYPTION
KEY STORAGE & GENERATION
CRYPTOGRAPHIC ENGINE
ULTRA LOW POWER
REAL TIME CLOCK
ENCAPSULATED MODULE
Fully encapsulated module
- All the great features of ZYMKEY4, ready to embed on board.
- Single hidden connector.
- Software binding lock.
- External battery
Developer tools
- The easy way to prototype with HSM4.
- Developer hats compatible with Raspberry Pi, NVIDIA Jetson Nano, NVIDIA Xavier NX.
- CAD files available for motherboard integration.
File system encryption
- Encrypt root file system with dm-crypt.
- Protect data, applications and credentials.
- ZYMKEY integrates seamlessly with LUKS key manager.
- Step-by-step guide with prewritten scripts that streamline the process.
Perimeter tamper detect
- Two independent perimeter circuits provide layered protection.
- User configured policies and actions.
- Notify or destroy keys on perimeter-breach event.
- Continuous operation with onboard battery.
Layered security with hardware root of trust
Zymbit security modules provide multiple layers of physical and digital protection for your digital assets, managed through a simple API.
Easy integration with AWS
TLS Client Certificate Authentication
- Generate Zymkey secured client certs.
- Bring Your Own Certificate or use AWS.
- Attach custom policies.
- Secure connect client authenticated TLS
Just In Time Client Registration
- Simplifies large scale fleet deployments
- Lambda function client registration
Hardware resources
- PCB footprint, schematic symbol, 3D models
- Altium Designer & CircuitStudio
- KiCAD
- Eagle
- Mechanical drawings
Manufacturing tools
Zymbit manufacturing tools and services help you transition to volume manufacturing quickly and securely.
HSM4 in the Press
Read what people are saying about HSM4!
Specifications
| Private / public key pairs | 3 |
| Cryptographic Services | TRNG (NIST SP800-22) ECC NIST P-256 (secp256r1) ECDSA (FIPS186-3) AES-256 (FIPS 197) |
| Tamper Sensors | 2 x Perimeter breach detection circuits Accelerometer shock & orientation sensor Main power monitor |
| Software API | Python, C++, C |
| Host Interface | Always encrypted channel with ephemeral ECC keys I2C, default address, user changeable GPIO4, user changeable |
| Physical Format | Encapsulated module |
| Dimensions | 15.7 x 28.7 x 7.8 mm 0.62 x 1.13 x 0.31 Inches |
| Connectors | Module connector: Hirose Header DF40HC(3.5)-30DS-0.4V(51) Mating connector: Hirose Receptacle DF40C-30DP-0.4V(51) |
| Production mode lock | Software API command |
| Measured system identity & authentication | Standard factors include RPI host, SD card, Zymkey |
| Data encryption & signing applications. | Encrypt root file system with dm-crypt, with LUKS key manager hook Encrypt data blobs with "zblock" function Encrypt data in flight with OpenSSL integration |
| Real time clock | 36-60 months operation with external CR2032, application dependent, 5ppm accuracy. |
| Backup battery | Used for RTC and perimeter circuits External 3V coin cell, eg CR2032 |
| Backup battery monitor | No |
| Last Gasp battery removal detection | No |
| OEM Custom features | Contact Zymbit |
| Example Cipher Suites | AWS-IOT | TLS_ECDHE_ECDSA_AES256_SHA MS-AZURE | TLS_ECDHE_ECDSA_AES_128_GCM_SHA256_P256 |
| Accessories & related products | Developer Hat |
| Warranty | 18 months |
| Compatibility | Raspberry Pi Zero, 4, 5 |
Documentation
Using Product >
- Getting started
- Software APIs – python, C, C++
- Tutorials
- FAQ & troubleshooting
Conformity Documents >
- EU Declaration of Conformity
- FCC Declaration of Conformity
- RoHS/Reach Declaration of Conformity
- California Prop 65 Declaration of
CAD Files >
- Mechanical dimensions
- Step model
Manufacturing Tools >
- Secure high speed encryption appliance
- Programming and provisioning
Need help choosing product?
Explore and choose the best Zymbit product for your application. If you have questions or need something custom then were ready to help.
I'M READY TO BUY
Zymbit products are available from major distributors around the world, or directly from our webstore.
I HAVE QUESTIONS
If you need help with your application, or want to discuss a custom solution then contact us today.
