Zymbit Security Modules


A New Class of Hardware Security Module for Edge Compute Applications

  • Code compatible with Zymkey4
  • Secure snap-in module
  • Multifactor device ID & authentication
  • Data encryption & signing
  • Key generation & storage
  • Physical tamper detection
  • Hardware root of trust

Easy To Integrate

Developer hats, CAD models and code examples make it easy to embed HSM into your design.

Starter Hat for HSM

  • PiZero HAT footprint
  • Supports HSM4 (full) and HSM6 (limited)
  • Snap in 30 pin connector for HSM
  • Perimeter circuit connections through FPC and header
  • Battery backup with CR2032 coincell, or Molex 51021-0200-B
  • CAD files available

Developer Hat for HSM

  • Full support for HSM4 and HSM6
  • All HSM signals accessible through header
  • Perimeter circuit connections through FPC and header
  • Battery backup with CR2032 coincell
  • CAD files available

CAD Models

  • PCB footprint, schematic symbol, 3D model
  • Altium Designer & CircuitStudio
  • KiCAD
  • Eagle(Jan21)

HSM protects your credentials, data and IP
from cyber-physical attacks.

Layered security with a hardware root of trust.

Simple API makes it easy to integrate HSM4 with your Linux application.

Easy To Integrate.

Pre-written scripts and step by step instructions for popular applications.

Essential security made easy.

Accessible through a simple API running on your host device.

Multifactor Device ID
and Authentication


HSM4 enables remote attestation of host device hardware configuration.

  • Unique ID token created using multiple device specific measurements
  • Cryptographically derived ID token never exposed
  • Custom input factors available to OEMs
  • ID tokens bound to host permanently for manufacture, or temporarily for development
  • Changes in host configuration trigger local hard and API responses, policy dependent

Data Integrity
Encryption & Signing


HSM4’s cryptographic engine uses some of the strongest commercially available cipher functions to encrypt, sign and authenticate data.

  • Strong cipher suite includes ECDSA, ECDH, AES-256, SHA256
  • AES-256 encrypt/decrypt data service
  • Integrates with TLS client-side certificates
  • TRNG – true random number generator, suitable seed for FIPS PUB 140-2, 140-3 DRNG.

Key Security
Generation & Storage


HSM4 generates and stores key pairs in tamper resistant silicon to support a variety of secure services.

  • Multiple key slots, pre-defined and user available
  • Private keys never exposed outside of silicon
  • Fuseable keys available, policy dependent

Physical Tamper Detection


HSM4 monitors the physical environment for symptoms of physical tampering .

  • Power quality monitor detects anomolies like brown-out events
  • Optional accelerometer detects shock and orientation change events
  • Optional perimeter integrity circuits detect breaks in user defined wire loops/mesh
  • Event reporting and response according to pre-defined policies

Real Time Clock


HSM4 includes an optional battery-backed real time clock to support off grid applications.

  • 18-36 month operation, application dependent
  • RTC clock service, available to client applications
  • RTC/UTC anamoly alerts available with zymbit security services
  • 20ppm accuracy (standard). 5ppm accuracy (precision, temperature compensated)

Ultra-Low Power Operation

ultra-low power operation

HSM4 delivers long term autonomous security from a battery:

  • ARM Cortex-M0 microcontroller
  • Years of secure operation from a coin cell – optional larger battery
  • Secure operation autonomous from host

Secure Element
Hardware Root of Trust


HSM4 provides multiple layers of hardware security:

  • Hard to penetrate dual secure-processor architecture
  • Secure elements from Microchip – ATECC608, ATECC508
  • Secure microcontroller isolates and supervises services
  • Hardware based cryptoengine and keystore

3P Integrations


HSM4 is easy to integrate with third party host-side applications such as:

Designed and manufactured in California.

Zymbit products are designed, manufactured and programmed in California in an ISO9001 facility.

OEM pricing, custom features.

Zymbit security modules can be firmware customized for volumes starting at 10K pieces. Hardware build variants and embedded licenses are also available.

Contact us to discuss your specific needs.

Need help with your application?

We’re here to answer your questions and find a solution that fits your needs.
Give us a call to discuss our standard products and OEM engineering services.


or call +1.805.481.4570