Security module available in pHAT kit for Raspberry Pi and Jetson
Mar 19, 2021 — by Eric Brown 754 viewsZymbit has launched an “HSM4” security module for embedded Linux systems that is available in a $125 HAT kit that supports Pi and Jetson boards. An upcoming “HSM6” module adds cryptocurrency support.
Zymbit has announced a follow-on to its Zymkey4 and other Zymkey security modules dating back to the original, Kickstarter launched ZymKey we covered back in 2015. One of the key differences is that the new HSM4 is designed to be directly deployable on embedded Linux devices via a 30-pin connector rather than using the Zymbit’s pHAT form factor. To ease the transition, the HSM4 is also available as part of a pHAT that once again targets the Raspberry Pi and Nvidia Jetson based kits such as the 40-pin equipped Jetson Xavier NX Developer Kit.


HSM4 render (left) and HSM4 Developer Kit
(click images to enlarge)
The HSM4 appears to have all of security features of the Zymkey4 (also referred to as the Zymkey4i) but does not appear to add any new security capabilities. You can sign up for access to a beta program for an HSM6 module that will offer support for cryptocurrencies, among other new features (see farther below).
Like the software compatible Zymkey4, the HSM4 provides an encrypted file root system, a true random number generator (TRNG), and secure key storage and generation via a secure element (SE) with micro-grid protected silicon. The module also features measured device identification, an ECDSA signing and verification engine, and authentication capabilities plus full disk encryption with dm-crypt and LUKS integration.


HSM4 and security architecture diagram
(click images to enlarge)
The HSM4 supplies physical tamper detection features, backed up with an accelerometer, and can issue an alert or destroy stored keys in case of a breach. Other features include an I2C-based secure serial interface and an RTC with a battery holder for ensuring continued operation if the power is cut. The battery also keeps the device’s Cortex-M0 core humming.
— ADVERTISEMENT —
Although like the Zymkey4, the HSM4 is optimized to work with the Raspberry Pi or Jetson out of the box, the device is compatible with any embedded Linux computer by connecting it via a 30-pin connector. Software APIs are available in Python, C, and C++, and example code and online documentation are available for installing the program with Ubuntu or Raspbian (Raspberry Pi OS). Pinouts and CAD and mechanical files help to ease hardware integration.


HSM4 Developer Kit installed on Raspberry Pi and Jetson Xavier NX Developer Kit (left) and closeup of installing HSM4 on the dev kit pHAT module
(click images to enlarge)
The $125 HSM4 Developer Kit gives you 2x HSM4 modules and a pHAT board with a coincell battery holder. Other features include a GPIO extender, standoffs, and tamper jumper wires.
HSM6 adds digital wallet
The next-generation, beta level HSM6 builds on the HSM4 form factor with more advanced security features. As reported last week on Hackster.io, the HSM6 provides all the features of the HSM4 and adds cryptocurrency extensions. These include the ability to handle BIP-format cryptocurrency wallets and new support for up to 700 foreign and private/public key slots instead of three.

Feature comparison between ZymKey4, HSM4, and HSM6
(click image to enlarge)
Other new features include battery monitoring, enhanced perimeter breach detection, and the addition of SPI and USB interfaces. The HSM6 also adds “last gasp” features and user policies. The module will be available in an HSM6 Developer Kit that appears to be identical to the HSM4 kit.
Further information
The HSM4 is available for $46 on its own, with volume discounts down to $29.90 at 1,000+ units, or for $125 as part of the HSM4 Developer Kit. More information may be found in Zymbit’s HSM4 product page and HSM4 shopping page, as well as the HSM4 Developer Kit shopping page.
You can sign up for early beta access to samples of the HSM6 at the HSM6 product page.
Please comment here...