The USB Armory from Inverse Path is an open source hardware design implementing a computer the size of a flash drive. The new version is the USB Armory Stick Mark 2.
The compact USB-powered device provides a platform for developing and running a variety of applications.
The security features of the USB Armory System on a Chip (SoC), combined with the openness of the board design, give developers and users a fully customizable trusted USB device for open and innovative personal security applications.
The hardware design includes the NXP i.MX6UL processor, which supports advanced security features such as secure boot and ARM® TrustZone®.
USB Armory hardware is supported by standard software environments and requires very little modification effort. In fact, vanilla Linux kernels and standard distributions run smoothly on the small USB Armory board.
- NXP i.MX6UL / i.MX6ULZ ARM® Cortex™-A7 900 MHz, 512 MB DDR3 RAM (up to 1 GB version available)
- USB-powered device (<500 mA) in compact format (65 x 19 x 6 mm)
- ARM® TrustZone®, secure boot + storage + RAM
- Microchip ATECC608A and NXP A71CH secure elements
- internal 16 GB eMMC + external microSD
- u-blox ANNA-B112 Bluetooth module
- debug support for UART, GPIO, SPI, I²C, CAN
- customizable LEDs, including secure mode detection
- supported by vanilla Linux kernels and standard distributions
- USB device emulation (CDC Ethernet, mass storage, HID, etc.)
- Open hardware and software
The USB Armory Board was created to support the development of various security applications.
The ability to emulate any USB device, combined with the i.MX6UL SoC's speed, its security features, and a flexible, fully customizable operating environment, makes the USB Armory the ideal platform for all types of personal security applications.
The transparency of the open and minimal design of the USB Armory hardware facilitates auditability and significantly reduces the potential and scope of supply chain attacks.
The secure boot feature allows users to secure verification keys, ensuring that only trusted firmware can be executed on a particular USB Armory board.
ARM® TrustZone® support, unlike traditional TPMs, allows developers to design their own trusted platform modules by enforcing domain separation between the "secure" and "normal" worlds. This separation extends across all SoC components, not just the CPU core.
For an excellent overview of the technology and its support for the i.MX SoC series, see the Genode Framework Project.
The following security application ideas illustrate the flexibility of the USB Armory concept:
- file storage encrypted by a hardware security module (HSM), with malware scanning, host authentication, and self-destruct
- USB firewall bridging the built-in socket and plug ports
- OpenSSH client and agent for untrusted hosts (kiosks)
- router for VPN tunneling between endpoints, Tor
- password manager with integrated web server
- electronic wallet (e.g. Pocket Bitcoin Wallet)
- authentication, provisioning, or licensing token
- portable penetration testing platform
- low-level USB security testing
Standard connection options:
- USB device emulation on plug and socket
- TCP/IP communication via CDC Ethernet emulation
- flash drive emulation using mass storage
- serial communication via USB or physical UART
- stand-alone mode with the built-in socket port