HSM60
Seamless Security for Raspberry Pi Compute Modules
- Easy to integrate interposer module
- 640 key slots with BIP, SLIP wallet support
- Always-encrypted host interface
- Last gasp key-destruction on power loss
- Seamless integration with Bootware
- Hardware root of trust
- File system encryption
- Secure key generation & storage
- Data encryption & signing
- Perimeter tamper sensors
- Measured system identity & authentication
- Real time clock
Specifications
| Private / public key pairs | 512 |
| Foreign public key pairs | 128 |
| Wallet functions | BIP 32 - hierarchical deterministic wallet BIP 39 - master seed mnemonic generator SLIP 39 - with shamir's secret sharing BIP 44 - multi-account support |
| Cryptographic Services | ECC KOBLITZ P-256 (secp256k1) ED25519, X25519 ECDH (FIPS SP800-56A) TRNG (NIST SP800-22, NIST SP800/90B, NIST SP800/90C pending) ECC NIST P-256 (secp256r1) ECDSA (FIPS186-3) AES-256 (FIPS 197) |
| Tamper Sensors | 2 x Perimeter breach detection circuits Accelerometer shock & orientation sensor Main power monitor Battery power monitor Battery removal monitor |
| Software API | Python, C++, C |
| Host Interface | Always encrypted channel with ephemeral ECC keys I2C, default address, user changeable GPIO4, user changeable |
| Physical Format | Raspberry Pi CM interposer module |
| Dimensions | 55.0 x 40.0 x 5.6 mm 2.16 x 1.57 x 1.57 Inches |
| Board Connectors |
Motherboard connector x2 : Hirose Receptacle DF40HC(3.0)-100DS-0.4V(51) Compute Module connector x2 : Hirose Header DF40C-100DP-0.4V(51) Perimeter: 12pin JST 0.8mm receptacle (mates with JST 12SUR-32S) Battery: 2pin JST 0.8mm receptacle (mates with JST 2SUR-32S) |
| Production mode lock | Software API command |
| Measured system identity & authentication | Multiple system factors including RPI host, HSM60 |
| Data encryption & signing applications. | Encrypt root file system with dm-crypt, with LUKS key manager hook Encrypt data blobs with "zblock" function Encrypt data in flight with OpenSSL integration |
| Real time clock | 36-60 months operation, application dependent, 5ppm accuracy. |
| Backup battery | Used for RTC and perimeter circuits Requires JST connected coin cell, RPI 5 RTC battery , or similar, (not included) Recommend |
| Backup battery monitor | Yes |
| Last Gasp battery removal detection | Yes |
| OEM Custom features | Contact Zymbit |
| Example Cipher Suites | AWS-IOT | TLS_ECDHE_ECDSA_AES256_SHA MS-AZURE | TLS_ECDHE_ECDSA_AES_128_GCM_SHA256_P256 |
| Accessories & related products | Backup battery, perimeter cables |
| Warranty | 18 months |
| Compatibility | Pi CM5, CM4 |
Documentation
Using Product >
- Getting started
- Software APIs – python, C, C++
- Tutorials
- FAQ & troubleshooting
Conformity Documents >
- EU Declaration of Conformity
- FCC Declaration of Conformity
- RoHS/Reach Declaration of Conformity
- California Prop 65 Declaration of
CAD Files >
- Mechanical dimensions
- Step model
Manufacturing Tools >
- Secure high speed encryption appliance
- Programming and provisioning
Need help choosing product?
Explore and choose the best Zymbit product for your application. If you have questions or need something custom then were ready to help.
I'M READY TO BUY
Zymbit products are available from major distributors around the world, or directly from our webstore.
I HAVE QUESTIONS
If you need help with your application, or want to discuss a custom solution then contact us today.
