Enabling Production Mode - ZYMKEY4

When you have completed your development work with the ZYMKEY4 and are ready to deploy your system into the field, we recommend that you permanently bind your ZYMKEY4 to a specific host device and SD card.

Summary of Steps

Develop your application

Ensure your host has all the necessary prerequisites in place to interface with the ZYMKEY4 and that it will be able to run your software application.

Active production mode

Permanently bind your ZYMKEY4 to the host device.

Develop your application

To begin, ensure that you have followed the Getting Started guide for your ZYMKEY4 carefully to install the prerequisite client software:

To reiterate, before you continue, the following steps should be complete:

• Install a battery on the ZYMKEY4.
• Connect the GPIO header of the ZYMKEY4 to the GPIO pins of the host board while the host is powered down.
• Install ZYMKEY4 software on the host and establish temporary binding in development mode.

After these steps have been completed, you are ready to prepare your device for permanent binding.

Prepare Perimeter Detect

The Perimeter Event Actions for your ZYMKEY4 should be set to none or notify only. If your ZYMKEY4’s action mode is set to selfdestruct, you might render your ZYMKEY4 useless while attempting to activate production mode.

To do this quickly, with the ZYMKEY4 client libraries installed, you can run the following shell command to use the Python API to communicate with the ZYMKEY4 and set the Perimeter Event Actions to do nothing when triggered:

python3 -c "import zymkey;
for ch in (0, 1):
    zymkey.client.set_perimeter_event_actions(ch, action_notify=False, action_self_destruct=False)
zymkey.client.clear_perimeter_detect_info()"

Prepare your application

If you intend to use your ZYMKEY4 to encrypt your root file system, you should complete that step now, using our guide. This step is highly recommended.

You should then install your application on your host SBC (in the encrypted volume, if applicable).

Test, debug, and test again

Test the functionality of your application thoroughly to ensure it is free of major defects that will prevent it from functioning properly. After the ZYMKEY4 has been bound to your host SBC, especially if Perimeter Detect features are in use, it may be difficult to make significant chances to your configuration without locking youself out of the ZYMKEY4, depending on the nature of your application and its configuration.

Activate production mode

Before proceeding, shut your host board down and disconnect it from power. Then, without removing the ZYMKEY4’s battery (if installed), remove the ZYMKEY4 from the host SBC.

Cut the lock tab

Follow the procedure below carefully to move your ZYMKEY4 into production mode.

Finalize your device for deployment

After cutting the lock tab, reinstall the ZYMKEY4 the host SBC, reconnect it to power, and boot into the host. The blink pattern on the ZYMKEY4 will change to 3 rapid blinks once every 3 seconds to indicate that ZYMKEY4 has bound to the host in production mode.

If you are using the Perimeter Detect features, close your perimeter circuits (for example, by closing the enclosure’s lid), and then clear any Perimeter Detect Events using the API:

python3 -c "import zymkey; idx = 0;
zymkey.client.clear_perimeter_detect_info()
for p in zymkey.client.get_perimeter_detect_info():
  if p:
    print(f'Channel {idx} has a detected breach event. Clear the Perimeter Detect Events again.')
    idx += 1
  else:
    print('No perimeter breach detected.')"

If you get a message that a breach event was detected from the above command, run it again to ensure all events have been cleared. When it confirms that no breach events have been detected, it is then safe to arm the system by setting the Perimeter Event Actions to notify or selfdestruct, if desired.

Your system is now armed and ready to be used in the field!