All News | Boards | Chips | Devices | Software | Archive | About | Contact | Subscribe
Please whitelist in your ad blocker. Without ads from our sponsors, we cannot continue publishing this site. Thanks :-)

Tiny open source USB-stick SBC focuses on security

Oct 28, 2014 — by Eric Brown — 3,252 views

Inverse Path is readying a tiny, open-spec “USB Armory” SBC that runs Linux or Android on an i.MX53, and offers Trustzone, secure boot, and USB emulation.

The USB Armory single board computer, which Inverse Path plans to launch this quarter on the Crowd Supply crowdfunding site, is not your ordinary open source hacker SBC. For one thing, it’s super tiny (65 x 19 x 6mm), with only two real-world ports — a USB 2.0 OTG port and a microSD slot — and it’s specifically aimed at secure computing applications.

USB Armory
(click image to enlarge)

The USB Armory connects to other systems via the USB port, which is also how the device sips power at 5V. Consumption is less than 500 mA, according to Inverse Path. USB device emulation covers mass storage, HID, and Ethernet, with the latter enabled via a full bidrectional TCP/IP connection using CDC Ethernet emulation.

A secure boot feature lets users apply verification keys that ensure only trusted firmware can be executed on a specific USB Armory device. The device also offers ARM TrustZone security to enforce domain separation between secure and normal worlds.

USB Armory edge view
(click image to enlarge)

The TrustZone support extends beyond the CPU to propagate throughout all system-on-chip components, says Inverse Path. The combination of all these security features “greatly limits the potentiality and scope of supply chain attacks,” says Inverse Path.

Potential applications for the USB Armory are said to include:

  • Mass storage device with automatic encryption, virus scanning, host authentication, and data self-destruct
  • OpenSSH client and agent for untrusted hosts (kiosk)
  • Router for end-to-end VPN tunneling, Tor
  • Password manager with integrated web server
  • Electronic wallet (e.g. pocket Bitcoin wallet)
  • Authentication token
  • Portable penetration testing (pen-testing) platform
  • Low level USB security testing

The device runs Android, Debian, Ubuntu, or FreeBSD on a Cortex-A8-based Freescale i.MX53 processor clocked at 800MHz. This would appear to be the i.MX537 model, rather than the i.MX535, which is typically clocked at 1GHz.

USB Armory, front (top) and back
(click image to enlarge)

The USB Armory ships with 512MB DDR3 RAM. Aside from the USB and microSD connections, the only interface is a 7-pin header (normally holes, only) for GPIO and UART signals, plus power. Inverse Path has posted schematics and PCB layout files licensed under GPLv2.

Specifications listed for the USB Armory include:

  • Processor — Freescale i.MX53 (1x Cortex-A8 @ 800MHz)
  • Memory — 512MB DDR3 RAM
  • Storage — MicroSD slot with secure boot
  • I/O:
    • USB 2.0 OTG port with power support and device emulation
    • 7-pin breakout header with GPIOs and UART
  • Other features — ARM TrustZone support; customizable LED with secure mode detection
  • Power — 5V, via USB; <500 mA consumption
  • Dimensions — 65 x 19 x 6mm
  • Operating system — Android; Linux (ships with Debian and Ubuntu images); FreeBSD

Further information

The USB Armory will go up for crowdfunding this quarter on Crowd Supply. More information may be found on the Crowd Supply project notification page, as well as this Inverse Path USB Armory product page. The device’s technical documentation is available on Github.

(Thanks to Misha S. for this tip!)

(advertise here)


Please comment here...