"Can be used... as a Tor Bridge, VPN router, Hardware Security Module (HSM), OpenSSH client and agent for untrusted hosts, portable penetration testing platform, automatically encrypted mass storage device, password manager, digital wallet..."
"The device can be operated as a standalone SBC or as a security peripheral." to a connected computer."
"Este nuevo ordenador USB de código abierto para aplicaciones de seguridad denominado USB armory Mk II tiene un formato diminuto y requiere una mínima personalización para su uso profesional."
The USB armory Mk II is a full featured computer (900 MHz ARM® processor, 512 MB RAM, Bluetooth, USB-C) in a tiny form-factor, designed from the ground up with information security applications in mind.
The USB armory Mk II hardware is supported by standard software environments and requires very little customization. In fact, vanilla Linux kernels and standard distributions run seamlessly on the tiny board:
Note: only the USB 2.0 protocol is supported over both USB-C ports, therefore it should be emphasized that HDMI video over USB-C is not supported.
The following example security application ideas illustrate the flexibility of the USB armory Mk II concept:
The HAB feature enables on-chip internal Boot ROM authentication of the initial bootloader (i.e., Secure Boot) with a digital signature, establishing the first trust anchor for code authentication. See Secure Boot) for more information and usage instructions.
The RNGB driver is included and operational in modern Linux
kernels. Once loaded, it enables the component within the Linux
From the i.MX6ULZ datasheet:
This module provides support for general encryption and hashing functions typically used for security functions.
The DCP module driver is included and operational in modern Linux kernels. Once loaded, it exposes its algorithms through the Crypto API interface.
From the i.MX6ULZ datasheet:
Secure Non-Volatile Storage, including Secure Real Time Clock, Security State Machine, Master Key Control, and Violation/Tamper Detection and reporting.
A device-specific random 256-bit OTPMK key is fused in each SoC at manufacturing time. This key is unreadable and can only be used by the DCP for AES encryption/decryption of user data, through the Secure Non-Volatile Storage (SNVS) companion block.
The i.MX6 SoC family features an ARM® TrustZone® implementation in its CPU core and internal peripherals. From the ARM® website:
At the heart of the TrustZone® approach is the concept of secure and non-secure worlds that are hardware separated, with non-secure software blocked from accessing secure resources directly. Within the processor, software either resides in the secure world or the non-secure world; a switch between these two worlds is accomplished via software referred to as the secure monitor.
This concept of secure (trusted) and non-secure (non-trusted) worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts, and peripherals within an SoC.
The Microchip ATECC608A and NXP AT71CH feature hardware acceleration for elliptic-curve cryptography, as well as hardware-based key storage. The ATECC608A also features symmetric AES-128-GCM encryption. Both components provide high-endurance monotonic counters, useful for external verification of firmware downgrade/rollback attacks. Both components communicate on the I²C bus and feature authenticated and encrypted sessions for host communication.
The eMMC RPMB features replay-protected authenticated access to flash memory partition areas, using a shared secret between the host and the eMMC.
USB armory Mk II features two USB-C ports. Using USB-C allows us to have a plug for traditional USB-based host communication, along with an integrated receptacle to act as a host (or device).
The USB-C current mode ensures that adequate current is requested on the plug side, to enable connection of additional devices on the receptacle side. This design enables new use cases for the USB armory Mk II. It can act as a USB firewall without the need for additional hardware, and it can be natively expanded with USB peripherals (e.g., storage and network adapters).
Additionally, the integrated receptacle also allows its role to be changed to device, simplifying scenarios such as controlled USB fuzzing from one side and interactive console/control on the other.
Only the USB 2.0 protocol is supported over both USB-C ports, therefore it should be emphasized that HDMI video over USB-C is not supported.
The Mk II includes a u-blox ANNA-B112 Bluetooth module for out-of-band (in relation to USB interfaces) interaction with a wireless client (e.g., mobile applications).
The addition of a Bluetooth module opens up a variety of new use cases for the USB armory Mk II, greatly enhancing its security applications in terms of authentication, isolation, and limiting trust of the host.
The ANNA-B112 module supports an "OpenCPU" option to allow arbitrary firmware, replacing the built-in u-blox firmware, on its Nordic Semiconductor nRF52832 SoC. This allows provisioning of the SoC with Nordic SDK, Wirepas mesh, ARM® Mbed, or arbitrary user firmware. The nRF52832 SoC features an ARM® Cortex-M4 CPU with 512 KB of internal Flash and 64 KB of RAM.
Apart from the traditional microSD slot (now with a spring-loaded push-to-insert, push-to-eject mechanism), the USB armory Mk II includes a 16 GB eMMC flash memory chip on the board.
This makes provisioning easier, allows for factory pre-imaging without the burden of microSD card installation, and enables additional security features.
Additionally a slide switch allows selection of the boot mode (microSD vs eMMC), which makes it easy to select the boot media for dual boot purposes (e.g., full Linux OS vs INTERLOCK protected image).
|USB armory Mk II||USB armory Mk I|
|SoC||NXP i.MX6ULZ ARM® Cortex™-A7||Freescale i.MX53 ARM® Cortex™-A8|
|Operating frequency||900 MHz||800 MHz|
|RAM||512 MB||512 MB|
|On-board storage||16 GB eMMC||None|
|Wireless capabilities||Bluetooth 5, BLE, BT Mesh||None|
|Host connector (USB 2.0)||USB-C||USB A|
|Peripheral connector (USB 2.0)||USB-C||USB A via external adapter|
|GPIO||8 via Debug Board||5 on board|
|GPIO interfaces||UART, SPI, I²C||UART, SPI, I²C|
|Secure Boot||HABv4.2.6||HABv4.0.4 (insecure)|
|True Random Number Generator||Yes||Unsupported|
|SoC cryptographic acceleration||DCP||SAHARAv4 Lite|
|Secure storage handling||SNVS||SCCv2|
|External cryptographic co-processors||ATECC & A71CH||No|
|Protected flash memory region||RPMB||No|
New USB armory Mk II
Original USB armory Mk I
To keep your USB armory Mk II protected and preserved, we've developed a custom enclosure in cooperation with TEKO, an Italian company that specializes in high-quality enclosures.
The enclosure provides proper access to the USB-C ports as well as the microSD card slot and boot-select switch. It also features a slot for attaching a lanyard.
Enclosure with USB dongle and attached lanyard (items not included in pledge levels)
The USB armory Mk II exposes a USB-C receptacle, which allows the so-called 'debug accessory mode' to route analog/debug signals over its connector. The USB armory Mk II design leverages this to break out UART, SPI, I²C, and GPIO connections to/from its application processor.
The debug accessory board allows access to UART and GPIO signals through USB, without requiring probes, through an FTDI FT4232H. This allows, for example, access to the USB armory Mk II serial console without wires or probes, natively using only USB cables. All other interfaces can be accessed through dedicated breakout through-holes.
The board measures 22 mm x 57 mm x 12 mm, including the length of the USB-C connector.
All USB armory Mk II units will be delivered to Crowd Supply's fulfillment partner (Mouser Electronics) for final distribution to backers worldwide. For more information, please see the Crowd Supply Guide section about ordering, paying, and shipping.
All orders shipped to the EU, Australia, Canada, and Switzerland will ship with VAT pre-paid and customs pre-cleared. EU orders will primarily be shipped by FedEx through France. For details, see the Crowd Supply Guide section on international shipping, VAT, and customs.
In order to control quality and timelines, a local Italian manufacturer will assemble the first production batch of the USB armory Mk II. The same manufacturer has been used to produce a pre-production batch of 100 "beta" units for testing the final design and ensuring the correctness of all production processes.
Manufacturing will start as soon as the campaign ends or even before in case a sufficient number of pre-orders is achieved. The lead time for the first production batch is estimated to be on the order of a few weeks. Accounting for fulfillment and testing we hope to ship out all orders by the end of 2019 or in January 2020 at the latest.
Enclosure design is complete, and pre-production work is currently being done. These will be manufactured by a local Italian company, as well.
USB armory Mk II has been thoroughly designed for manufacturing. After several rounds of prototyping, the boards are ready for mass production. Previously used and trusted manufacturers are lined up and ready to go, and supply chains have been established.
Of course, as is the case with any hardware project regardless of preparation, component supplies can dwindle and shipments can arrive late. Having produced the USB armory Mk I, as well as other hardware items, we're confident in our ability to adjust to any change in circumstances. And should any issues arise, we'll keep backers informed via project updates.
The pre-production boards are currently undergoing FCC/CE certification. Given that a pre-certified BLE module is used, and also considering the low power and frequency specifications of the device, an uneventful process is expected. There is only a small chance for certification findings to cause delays, in case their nature and lack of mitigation requires changing the PCB design.