HSM4

Embedded hardware security module for Linux computers.
  • All the great features of ZYMKEY4, in a module
  • Fully encapsulated with hidden connector
  • Encrypted file system with LUKS integration
  • Measured system identity & authentication
  • Secure key generation & storage
  • Data encryption & signing
  • Physical tamper sensors
  • Real time clock
BUY NOW
CONTACT SALES >
Overview
Specifications
Documentation

Overview

Embedded security for Pi computers

Accessing and copying emmc memory contents is not difficult with the right tools, especially for unattended devices deployed outside the security of a physical building. HSM4 provides essential physical and digital security features to protect against such real world exploits.
HSM4 protects digital assets from cyberattacks
MEASURED SYSTEM IDENTITY
PHYSICAL TAMPER SENSORS
DATA ENCRYPTION & SIGNING
FILE SYSTEM ENCRYPTION
KEY STORAGE & GENERATION
CRYPTOGRAPHIC ENGINE
ULTRA LOW POWER
REAL TIME CLOCK
ENCAPSULATED MODULE
HSM6 - embedded hardware wallet

Fully encapsulated module

  • All the great features of  ZYMKEY4, ready to embed on board.
  • Single hidden connector.
  • Software binding lock.
  • External battery

Developer tools

  • The easy way to prototype with HSM4.
  • Developer hats compatible with Raspberry Pi, NVIDIA Jetson Nano, NVIDIA Xavier NX.
  • CAD files available for motherboard integration. 
BUY NOW
full disk encryption
full disk encryption

File system encryption

  • Encrypt root file system with dm-crypt.
  • Protect data, applications and credentials.
  • ZYMKEY integrates seamlessly with LUKS key manager. 
  • Step-by-step guide with prewritten scripts that streamline the process.
full disk encryption
physical tamper detect

Perimeter tamper detect

  • Two independent perimeter circuits  provide layered protection. 
  • User configured policies and actions.
  • Notify or destroy keys on perimeter-breach event.
  • Continuous operation with onboard battery.

Layered security with hardware root of trust

Zymbit security modules provide multiple layers of physical and digital protection for your digital assets, managed through a simple API.

https://www.zymbit.com/wp-content/uploads/2017/03/embedded-security-module-block-diagram-2017.04.11k-1024x740.png
AWS Qualified Device_Zymbit
LEARN MORE

Easy integration with AWS

TLS Client Certificate Authentication
  • Generate Zymkey secured client certs.
  • Bring Your Own Certificate or use AWS.
  • Attach custom policies.
  • Secure connect  client authenticated TLS
Just In Time Client Registration
  • Simplifies large scale fleet deployments
  • Lambda function client registration

Hardware resources

  • PCB footprint, schematic symbol, 3D models
  • Altium Designer & CircuitStudio
  • KiCAD
  • Eagle
  • Mechanical drawings
LEARN MORE
https://www.zymbit.com/wp-content/uploads/2021/09/HSM-CAD-Summary-20210920a-320x268.png
protect sd card on raspberry pi
protect sd card
zymbit secures manufacturing environment

Manufacturing tools

Zymbit manufacturing tools and services help you transition to volume manufacturing quickly and securely.

LEARN MORE

HSM4 in the Press

Read what people are saying about HSM4!
https://www.zymbit.com/wp-content/uploads/2021/08/hackster-TP.png
https://www.zymbit.com/wp-content/uploads/2021/08/linux-gizmos-TP.png
https://www.zymbit.com/wp-content/uploads/2021/08/cnx-soft-TP.png

Specifications

Private / public key pairs 3
Cryptographic Services TRNG (NIST SP800-22)
ECC NIST P-256 (secp256r1)
ECDSA (FIPS186-3)
AES-256 (FIPS 197)
Tamper Sensors 2 x Perimeter breach detection circuits
Accelerometer shock & orientation sensor 
Main power monitor
Software API Python, C++, C
Physical Format Encapsulated module
Dimensions 15.7 x 28.7 x 7.8 mm
0.62 x 1.13 x 0.31 Inches
Connectors Module connector: Hirose Header DF40HC(3.5)-30DS-0.4V(51)
Mating connector: Hirose Receptacle DF40C-30DP-0.4V(51)
Communication I2C, default address, user changeable
GPIO4, user changeable
Production mode lock Software API command
Measured system identity & authentication Standard factors include RPI host, SD card, Zymkey
Data encryption & signing applications. Encrypt root file system with dm-crypt, with LUKS key manager hook
Encrypt data blobs with “zblock” function
Encrypt data in flight with OpenSSL integration
Real time clock 36-60 months operation with external CR2032, application dependent, 5ppm accuracy.
Backup battery Used for RTC and perimeter circuits
External 3V coin cell, eg CR2032
Backup battery monitor No
Last Gasp battery removal detection No
OEM Custom features Contact Zymbit
Example Cipher Suites AWS-IOT | TLS_ECDHE_ECDSA_AES256_SHA
MS-AZURE | TLS_ECDHE_ECDSA_AES_128_GCM_SHA256_P256
Accessories & related products Developer Hat
Warranty 18 months

Documentation

Using Product >
  • Getting started
  • Software APIs – python, C, C++
  • Tutorials
  • FAQ & troubleshooting
Conformity Documents >
  • EU Declaration of Conformity
  • FCC Declaration of Conformity
  • RoHS/Reach Declaration of Conformity
  • California Prop 65 Declaration of
CAD Files >
  • Mechanical dimensions
  • Step model
Manufacturing Tools >
  • Secure high speed encryption appliance
  • Programming and provisioning

Need help choosing product?

Explore and choose the best Zymbit product for your application. If you have questions or need something custom then were ready to help.
EXPLORE PRODUCT
I’M READY TO BUY
Zymbit products are available from major distributors around the world, or directly from our webstore.
Buy now >
I HAVE QUESTIONS
If you need help with your application, or want to discuss a custom solution then contact us today.
Contact support >
https://www.zymbit.com/wp-content/uploads/2017/11/Zymbit-Logo-noBG-small.png

120 Cremona Drive, Goleta, 

California, 93117, USA

+1 (805) 481 4570

PRODUCTS

SUPPORT

SALES

GET UPDATES

Subscribe to email updates.