We’ve completed our port of the FIDO2 U2F software from SoloKeys and are now turning our attention to our mass storage security features. We have already developed the low-level mass storage (SCSI) drivers with high-speed encryption and are now finalizing the design of how the different volume types will be implemented and integrated with the Signet GUI. This update describes the features we have planned and how they will work.
Signet allows many volumes to be stored simultaneously on the device. These are not created as partitions on a single drive but instead as multiple independent drives, all using portions of the same eMMC memory. This is necessary since the Signet firmware needs to be able to assign properties to the volumes beyond what a normal partition table would record. If a volume is one-time-use, the firmware needs to keep track of which sectors to erase when the volume is recycled. If a volume is encrypted, the read and write commands need to execute encryption/decryption steps before completing. The volumes are created and managed through the client GUI as shown below.
Through the GUI you can create volumes of any kind, securely destroy them, and change their size. Note that decreasing the size of a volume could be an unsafe operation, as we are not going to be resizing the underlying file system in the initial release.
One advantage of having the firmware allocate eMMC memory to the drives in this way is that a drive’s sectors do not need to be stored linearly across the memory. When sectors must be stored linearly, it can be necessary to move volumes around to handle volume size change requests. To avoid this, the memory will be divided into 1,000 32 MB regions and each volume can be assigned regions from multiple discontinuous areas if necessary. A drive’s logical sectors will be mapped to physical sectors through a simple lookup table without adding any noticeable overhead to read and write operations.
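As an added illustration of the region lookup table described above (this is not Signet firmware code), assuming 512-byte sectors and a per-volume cap of 64 regions, neither of which the update specifies. The bounds checks are the part that matters for isolation: a host request for a sector past the end of a volume must fail rather than land in another volume’s region.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Assumed values: 512-byte sectors and at most 64 regions per volume.
 * The 32 MB region size and 1,000-region layout come from the update. */
#define SECTOR_SIZE        512u
#define REGION_SIZE        (32u * 1024u * 1024u)
#define SECTORS_PER_REGION (REGION_SIZE / SECTOR_SIZE)   /* 65536 */
#define NUM_REGIONS        1000u
#define MAX_VOLUME_REGIONS 64u

/* A volume is an ordered list of physical region indices. Logical region i
 * of the volume lives in physical region regions[i]; the physical regions
 * need not be contiguous. */
typedef struct {
    uint16_t regions[MAX_VOLUME_REGIONS];
    uint16_t num_regions;
} volume_t;

/* Map a logical sector (LBA) of a volume to a physical eMMC sector.
 * Returns false if the LBA is outside the volume or the table entry is
 * invalid, so a request can never reach sectors of another volume. */
bool map_sector(const volume_t *vol, uint32_t lba, uint32_t *phys)
{
    uint32_t idx = lba / SECTORS_PER_REGION;  /* which logical region */
    uint32_t off = lba % SECTORS_PER_REGION;  /* sector within region */
    if (idx >= vol->num_regions)
        return false;
    uint16_t region = vol->regions[idx];
    if (region >= NUM_REGIONS)
        return false;  /* corrupt or uninitialised table entry */
    *phys = (uint32_t)region * SECTORS_PER_REGION + off;
    return true;
}

/* Grow a volume by appending a free physical region. No existing data is
 * moved, which is why a volume's regions can end up discontinuous. */
bool volume_add_region(volume_t *vol, uint16_t region)
{
    if (vol->num_regions >= MAX_VOLUME_REGIONS || region >= NUM_REGIONS)
        return false;
    vol->regions[vol->num_regions++] = region;
    return true;
}
```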
One kind of volume that has not been described very well is what we have called “Physically secured volumes”. Physically secured volumes are meant to address the problem that exists with ordinary volumes (encrypted or not): once they are accessible to the OS, any or all of the files on the volume can be read by malicious software on the host operating system. To prevent this, physically secured volumes require a device button press to access specific areas.
What differentiates them technically from the other volume types is that they are not mapped to a drive visible to the operating system. Instead, they contain a specialized file system which is only directly visible within the client when the device is unlocked. Each directory can contain a list of tags which help Signet HC decide which profiles can see the directory. See the multi-profile support section on the campaign page for more information. Additionally, each directory has a security mode indicating whether no button press, a regular button press, or a long button press is needed to access it.
Files can be added to a physically secured volume by dragging them into the client’s volume browser. Likewise, files can be exported to the operating system by dragging them out of the client’s volume browser. Files in physically secured volumes can also be linked to entries in your password and personal information database. This allows you to associate photos, videos, documents, etc. with your accounts for convenient access. This would be problematic to implement with a conventional file system, since the firmware would have to switch back and forth between giving the host operating system and the device access to the files, as both cannot access them simultaneously.