WithSecure USB armory Mk II

WithSecure USB armory Mk II is a full-featured, security-minded computer based on NXP Semiconductors i.MX6ULZ Microcontroller in a tiny USB form factor. The WithSecure USB armory Mk II is designed for information security applications and incorporates features such as High Assurance Boot (HABv4), Arm® TrustZone®, and external cryptographic co-processors.

Features

  • NXP Semiconductors i.MX6ULZ Arm® Cortex™-A7 SoC, 900MHz
  • 512MB DDR3 RAM
  • Internal 16GB eMMC and external microSD storage
  • u-blox ANNA-B112 BLE BLUETOOTH® module
  • DRP (Dual Role Power) receptacle + UFP (Upstream Facing Port) plug, USB 2.0 only
  • 2x LEDs
  • Slide switch for boot mode selection between eMMC and microSD
  • NXP Semiconductors EdgeLock SE050 external security elements
  • 66mm x 19mm x 8mm in dimension (without enclosure, including USB-C™ connector)
  • Enclosure is included with all units for device protection

Security Features

  • High Assurance Boot (HABv4)
    The HAB feature enables on-chip internal Boot ROM authentication of the initial bootloader (i.e., Secure Boot) with a digital signature, establishing the first trust anchor for code authentication.

  • True Random Number Generator (TRNG)
    The RNGB driver is included and operational in modern Linux kernels. Once loaded, it enables the component within the Linux hw_random framework.

  • Data Co-Processor (DCP)
    The DCP module driver is included and operational in modern Linux kernels. Once loaded, it exposes its algorithms through the Crypto API interface.

  • Secure Non-Volatile Storage (SNVS)
    Each SoC is fused with a device-specific random 256-bit OTPMK key at manufacturing time. This key is unreadable and can only be used by the DCP for AES encryption/decryption of user data through the Secure Non-Volatile Storage (SNVS) companion block.

  • Arm TrustZone
    The i.MX6 SoC family features an Arn TrustZone implementation in its CPU core and internal peripherals.

  • External Cryptographic Co-Processors
    The NXP EdgeLock SE050 features hardware acceleration for elliptic-curve cryptography and hardware-based key storage. It also provides high-endurance monotonic counters, which are useful for external verification of firmware downgrade/rollback attacks.

  • eMMC Replay Protected Memory Blocks (RPMB)
    The eMMC RPMB features replay-protected authenticated access to flash memory partition areas using a shared secret between the host and the eMMC.

Software

The USB armory Mk II hardware is supported by standard software environments and requires little customization. Vanilla Linux kernels and standard distributions run seamlessly on the tiny board:

  • Boots from onboard eMMC, microSD, or via USB serial downloader
  • Native Linux support
  • Supported by the TamaGo framework for bare metal Go applications
  • Precompiled images are available for Debian 9 (Stretch) and Arch Linux, with more on the way
  • USB device emulation (CDC Ethernet, mass storage, HID, etc.)

Connectivity

  • USB 2.0 over USB-C plug to host with full device emulation
  • USB 2.0 over USB-C receptacle for the additional devices or as a connection to a host
  • Full TCP/IP connection to/from USB armory via USB CDC Ethernet emulation
  • Flash drive functionality via USB mass storage device emulation
  • Serial communication over USB or physical UART using the Debug Board
  • Wireless connectivity over BLE

Note: Both USB-C ports support only the USB 2.0 protocol. HDMI video over USB-C is not supported.

Applications

  • Mass storage device with advanced features such as automatic encryption, virus scanning, host authentication, and data self-destruct
  • Hardware Security Module (HSM)
  • OpenSSH client and agent for untrusted hosts (e.g., Internet kiosks)
  • Router for end-to-end VPN tunneling
  • Tor bridge
  • Password manager with integrated web server
  • Electronic wallet
  • Authentication token
  • Portable penetration testing platform
  • Low-level USB security testing

Documents

Accessories

WithSecure USB armory Mk II
  • Debug Accessory Board (CS-ARMORY-02)
    The Debug Accessory Board breaks out the USB armory Mk II's UART, SPI, I2C, and GPIO connections to and from its application processor.

  • 32GB MicroSD Card (CS-ARMORY-03)
    32 GB MicroSD card pre-imaged with Debian for quick boot-up.

Videos

Board Layout

WithSecure USB armory Mk II
Published: 2020-01-27 | Updated: 2024-12-18