Frequently Asked Questions


Q: What Zymbit products support Bootware 1.1?
Expand for Answer

A: Bootware 1.1 runs on the Secure Compute Module based products - the Secure Edge Node, SCM Development kits, SCM modules. Bootware 1.1 can also run with a ZYMKEY4 on a Dev Kit with an SCM, or with a ZYMKEY on a Raspberry Pi4.


Q: What Operating Systems are supported?
Expand for Answer

A: Bootware 1.1 supports the following OS options:

  • Bookworm 64-bit
  • Bullseye 64-bit
  • Ubuntu 22.04 (jammy) 64-bit

Q: Can I use Bootware to switch Operating Systems from Bookworm to Bullseye or Ubuntu 22.04?
Expand for Answer

A: Yes, you can switch between the supported Operating Systems. Note: The CM4/SCM firmware must include bootloader version 2023/01/11 or later in order to work with Ubuntu 22.04. The version can be verified with the vcgencmd bootloader_version command.


Q: Can I use a custom kernel build?
Expand for Answer

A: Yes, if it is based off of one of the supported OS images - Bullseye or Ubuntu 22.04. You will need to supply your kernel and the corresponding modules from your build. You will need to link or rename your kernel image kernel8.img for Bookworm/Bullseye, or vmlinuz for Ubuntu.


Q: What are the partitioning schema?
Expand for Answer

A: Bootware 1.1 primarily consists of three partitioning schemes:

  • Boot 512MB, RootA: Approximately 50%, RootB: Approximately 50%, Encrypted Data partition 512MB
  • Boot 512MB, RootA: Approximately 100%, Encrypted Data partition 512MB
  • Boot 512MB, RootA: Approximately 50%, Encrypted Data partition 512MB

Q: Are the partitions encrypted?
Expand for Answer

A: Yes, the Root and Data partitions are encrypted with LUKS encryption. The Root partitions are protected by separate keys, i.e. RootA can only be unlocked with its key; the same key cannot unlock RootB. The Data partition is encrypted with a shared key between A and B; the Data partition is accessible by both RootA and RootB. The Boot partition is not encrypted.


Q: What types of curves are used to sign and verify zi images?
Expand for Answer

A: The sign/verify process relies on ECDSA-based curves, in particular secp256k1. Public/Private key pairs can be generated in either software or Zymbit HSM hardware. The ZYMKEY uses software keys.


Q: Is there Bare Metal Recovery?
Expand for Answer

A: Bare metal recovery is not currently available.