General FAQ & Troubleshooting

Release Notes - Latest Release 3/28/2025 (Zymbit Ref: RC-25.01)

Updated Zymbit Driver Package release common to all products: ZYMKEY4, HSM4, HSM6, and SCM-based product line. Existing customers can do an update/upgrade to get the latest code.

sudo apt-get update
sudo apt install --only-upgrade libzk libzymkeyssl zkbootrtc zkifc zkapputilslib zksaapps zkpkcs11
sudo pip3 install zku --upgrade

Bug fixes:

• #186: zkifc: Babbling with time sync issues. Setting the time forward or backwards caused zkifc to think it lost contact with the Zymkey. Babbling messages would result with the potential to fill logs with rapid messages. Babbling messages are now limited, and recovery has been improved. Fixed in zkifc 1.2-37.

Current Versions:

Issues and Solutions

Expired GPG Key Preventing Access to Repository

The Zymbit GPG key expired and was renewed on September 30, 2024. New installations should not have any problems. apt-get update may complain that the GPG key has expired. To update your local key, do the following:

curl -L https://zk-sw-repo.s3.amazonaws.com/apt-zymkey-pubkey.gpg | sudo gpg --dearmor --yes -o /usr/share/keyrings/zymbit.gpg

For those of you that are on older installations, make sure the signed-by option is included in the /etc/apt/sources.list.d/zymbit.list,

This parameter - [signed-by=/usr/share/keyrings/zymbit.gpg]

The following will check and fix for you,

sudo sed -i 's/^deb https/deb [signed-by=\/usr\/share\/keyrings\/zymbit.gpg] https/' /etc/apt/sources.list.d/zymbit.list

Wake-Pin Issues for upgrades to Kernel 6.6 and later

The installation script takes care of the following for you. If you are doing a new installation, you should not have to worry about the following. If you already installed the Zymbit Driver Package and then upgraded the kernel to something beyond 6.6, please note the following.

Raspberry PI OS Bookworm updated the kernel to version 6.6.y in March 2024. The kernel no longer overrides an upstream kernel decision to force the base number of the main GPIO controller to be global GPIO 0. If the WAKE_PIN number is not set, the ZYMKEY will not bind. You will see 5 flashes per second continuously.For RPI4, RPI5, and CM4 platforms, you will need to set the WAKE_PIN in the following manner:

Determine the numbering for GPIO4 by examining /sys/kernel/debug/gpio for the number associated with GPIO4, then set an environment variable in the Zymbit environment variable file:

sudo su
wake_pin=`grep GPIO4 /sys/kernel/debug/gpio | sed -r 's/[^0-9]*([0-9]*).*/\1/'`
echo "wake_pin=$wake_pin"   # sanity check value is set
echo "ZK_GPIO_WAKE_PIN=$wake_pin" > /var/lib/zymbit/zkenv.conf
systemctl restart zkifc

As of 6.6.20, the numbering is: RPI4=516 RPI5=575 CM4=516 CM5=573

CPU Scaling Governor

We have seen some issues with the scaling cpu governor on the raspberry pi interfere with the i2c bus. This sometimes causes the zymkey to be put into a odd state or return failures from operations that get optimized out by the governor. The raspberry pi sets the scaling governor to be “ondemand” by default. We recommend switching this mode to “performance” to get the best out of the zymkey. Details:

Unattended-upgrades

When encrypting your rootfs, we highly recommend turning off unattended-upgrades prior to the encryption process. In some cases primarily with Ubuntu, during an update/upgrade after encryption, the update-initramfs process may fail and leave the system unable to boot.

To mitigate this issue, remove the service unattended-upgrades:

Check /etc/apt/apt.conf.d/20auto-upgrades. Make sure the following lines are set to 0,

APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";

Stop and remove the unattended-upgrade service:

sudo systemctl stop unattended-upgrades
sudo systemctl disable unattended-upgrades
sudo apt-get remove --purge -y unattended-upgrades

Running a 32-bit version of Operating System

As of March 2023, Raspberry PI OS 32-bit images install the 64-bit kernel along with the 32-bit root filesystem. This does not allow our installation script to work. In order to properly install on an 32-bit system, edit /boot/config.txt and add the following line to the bottom of the file, then reboot.

arm_64bit=0

Products

Q: Where can I learn about and/or pre-order future products?

Q: What are the differences between Zymbit’s Products?

Q: How much power do Zymbit products consume?

Q: What is the expected battery life for Zymbit Products?

Compatibility

Q: Which operating systems does Zymbit support?

Q: Which SBCs are compatible with Zymbit Products?

Q: What curves are supported for Zymbit products?

Q: Do Zymbit Products work with Arduino?

Q: Do Zymbit Products work with BeagleBone?