Published on February 12th, 2015 | Post Views: 2,954 Hits0
USB Armory– a full fledged Open Source USB Stick Computer
Inverse Path is readying a tiny, open-spec “USB Armory” SBC that runs Linux or Android on an i.MX53, and offers Trustzone, secure boot, and USB emulation.
The USB Armory single board computer, which Inverse Path plans to launch this quarter on the Crowd Supply crowdfunding site, is not your ordinary open source hacker SBC. For one thing, it’s super tiny (65 x 19 x 6mm), with only two real-world ports — a USB 2.0 OTG port and a microSD slot — and it’s specifically aimed at secure computing applications.
The USB Armory connects to other systems via the USB port, which is also how the device sips power at 5V. Consumption is less than 500 mA, according to Inverse Path. USB device emulation covers mass storage, HID, and Ethernet, with the latter enabled via a full bidrectional TCP/IP connection using CDC Ethernet emulation.
A secure boot feature lets users apply verification keys that ensure only trusted firmware can be executed on a specific USB Armory device. The device also offers ARM TrustZone security to enforce domain separation between secure and normal worlds.
The TrustZone support extends beyond the CPU to propagate throughout all system-on-chip components, says Inverse Path. The combination of all these security features “greatly limits the potentiality and scope of supply chain attacks,” says Inverse Path.
Potential applications for the USB Armory are said to include:
- Mass storage device with automatic encryption, virus scanning, host authentication, and data self-destruct
- OpenSSH client and agent for untrusted hosts (kiosk)
- Router for end-to-end VPN tunneling, Tor
- Password manager with integrated web server
- Electronic wallet (e.g. pocket Bitcoin wallet)
- Authentication token
- Portable penetration testing (pen-testing) platform
- Low level USB security testing
The device runs Android, Debian, Ubuntu, or FreeBSD on a Cortex-A8-based Freescale i.MX53 processor clocked at 800MHz. This would appear to be the i.MX537 model, rather than the i.MX535, which is typically clocked at 1GHz.
The USB Armory ships with 512MB DDR3 RAM. Aside from the USB and microSD connections, the only interface is a 7-pin header (normally holes, only) for GPIO and UART signals, plus power. Inverse Path has posted schematics and PCB layout files licensed under GPLv2.
Specifications listed for the USB Armory include:
- Processor — Freescale i.MX53 (1x Cortex-A8 @ 800MHz)
- Memory — 512MB DDR3 RAM
- Storage — MicroSD slot with secure boot
- USB 2.0 OTG port with power support and device emulation
- 7-pin breakout header with GPIOs and UART
- Other features — ARM TrustZone support; customizable LED with secure mode detection
- Power — 5V, via USB; <500 mA consumption
- Dimensions — 65 x 19 x 6mm
- Operating system — Android; Linux (ships with Debian and Ubuntu images); FreeBSD