The USB armory Mk II from Inverse Path is an open source hardware design, implementing a flash drive sized computer.
The compact USB powered device provides a platform for developing and running a variety of applications.
The security features of the USB armory System on a Chip (SoC), combined with the openness of the board design, empower developers and users with a fully customizable USB trusted device for open and innovative personal security applications.
The hardware design features the NXP i.MX6ULZ processor, supporting advanced security features such as secure boot and ARM® TrustZone®.
- NXP i.MX6ULZ ARM® Cortex™-A7 900Mhz, 512MB DDR3 RAM
- USB host powered (<500 mA) device with compact form factor (65 x 19 x 6 mm)
- ARM® TrustZone®, secure boot + storage + RAM
- 16GB eMMC
- MicroSD card slot
- u-blox ANNA-B112 Bluetooth module
- Debug accessory support for UART, GPIO, SPI, I2C, CAN breakout
- Customizable LED, including secure mode detection
- USB device emulation (CDC Ethernet, mass storage, HID, etc.)
- Open Hardware & Software
- Architecture
- ARMv7 Cortex-A7
- Processor
- NXP i.MX6ULZ 900MHz
- RAM
- 512MB
- eMMC
- 16GB
- SD
- Micro SD
- USB
- 2
Install to a micro SD card
Replace sdX in the following instructions with the device name for the SD card as it appears on your computer.
- Zero the beginning of the device:
dd if=/dev/zero of=/dev/sdX bs=1M count=8
- Start fdisk to partition the device:
fdisk /dev/sdX
- At the fdisk prompt, delete old partitions and create a new one:
- Type o. This will clear out any partitions on the drive.
- Type p to list partitions. There should be no partitions left.
- Now type n, then p for primary, 1 for the first partition on the drive, 2048 for the first sector, and then press ENTER to accept the default last sector.
- Write the partition table and exit by typing w.
- Create the ext4 filesystem:
mkfs.ext4 /dev/sdX1
- Mount the filesystem:
mkdir mnt
mount /dev/sdX1 mnt
- Download and extract the root filesystem (as root, not via sudo):
wget http://os.archlinuxarm.org/os/ArchLinuxARM-usbarmory-mkii-latest.tar.gz
bsdtar -xpf ArchLinuxARM-usbarmory-mkii-latest.tar.gz -C mnt
sync
- Install the U-Boot bootloader and unmount the device:
dd if=mnt/boot/u-boot-dtb.imx of=/dev/sdX bs=512 seek=2 conv=fsync
sync
umount mnt
- Insert the micro SD card into the USB armory, set the boot switch to uSD, and connect to your computer's USB-C port.
- Use the serial console (/dev/ttyACM0) or SSH as below.
- Login as the default user alarm with the password alarm.
- The default root password is root.
- Initialize the pacman keyring and populate the Arch Linux ARM package signing keys:
pacman-key --init
pacman-key --populate archlinuxarm
Host Communication
The root filesystem is configured to load the g_cdc module which provides USB ethernet and ACM serial devices on the host.
To connect via SSH, you will need to configure the host networking:
- Bring the interface up (usb0 is used here, yours may be different)
ip link set usb0 up
- Set the IP address
ip addr add 10.0.0.2/24 dev usb0
- Enable masquerading out your primary interface (eth0 is used here, yours may be different)
iptables -t nat -A POSTROUTING -s 10.0.0.1/32 -o eth0 -j MASQUERADE
- Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Gadget configuration:
- Device and host ethernet MAC addresses: /etc/modprobe.d/g_cdc.conf
- Gadget ethernet network settings: /etc/systemd/network/gadget.network
Installing to eMMC
Click here to magically adjust the instructions above for the mmcblk1 eMMC device.
- After booting into Arch Linux ARM, follow the above steps 1 through 7 using the device /dev/mmcblk1.
- Power down the system, waiting until all the LEDs go out:
poweroff
- Remove power, set the boot switch to eMMC, then reapply power. The system will boot into eMMC.
- To use the micro SD slot for general storage, simply partition and format the device as a normal drive.