×

SparkFun Electronics will be closed on November 26, 2020 and November 27, 2020 for the Thanksgiving holiday. We will begin normal operations at 9:00 AM Mountain Time on November 30, 2020.

×

Please see all COVID-19 updates here as some shipments may be delayed due to CDC safety and staffing guidelines. If you have an order or shipping question please refer to our Customer Support page. For technical questions please check out our Forums. Thank you for your continued support.

USB armory Mk II w/ Enclosure by F-Secure

Added to your shopping cart

F-Secure USB Armory USB Armory Mk II is a full-featured, security-minded computer, based on an NXP Semiconductors i.MX6ULZ Microcontroller, in a tiny USB form-factor. Designed with information security applications in mind, the USB Armory Mk II incorporates features such as High Assurance Boot (HABv4), Arm® TrustZone®, and external cryptographic co-processors.

Security Features:

High Assurance Boot (HABv4)

The HAB feature enables on-chip internal Boot ROM authentication of the initial bootloader (i.e., Secure Boot) with a digital signature, establishing the first trust anchor for code authentication.

True Random Number Generator (TRNG)

The RNGB driver is included and operational in modern Linux kernels. Once loaded, it enables the component within the Linux hw_random framework.

Data Co-Processor (DCP)

From the i.MX6ULZ datasheet:

This module provides support for general encryption and hashing functions typically used for security functions.

The DCP module driver is included and operational in modern Linux kernels. Once loaded, it exposes its algorithms through the Crypto API interface.

Secure Non-Volatile Storage (SNVS)

From the i.MX6ULZ datasheet:

Secure Non-Volatile Storage, including Secure Real Time Clock, Security State Machine, Master Key Control, and Violation/Tamper Detection and reporting.

A device-specific random 256-bit OTPMK key is fused in each SoC at manufacturing time. This key is unreadable and can only be used by the DCP for AES encryption/decryption of user data, through the Secure Non-Volatile Storage (SNVS) companion block.

ARM® TrustZone®

The i.MX6 SoC family features an ARM® TrustZone® implementation in its CPU core and internal peripherals. From the ARM® website:

At the heart of the TrustZone® approach is the concept of secure and non-secure worlds that are hardware separated, with non-secure software blocked from accessing secure resources directly. Within the processor, software either resides in the secure world or the non-secure world; a switch between these two worlds is accomplished via software referred to as the secure monitor.

This concept of secure (trusted) and non-secure (non-trusted) worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts, and peripherals within an SoC.

External cryptographic co-processors (ATECC & A71CH)

The Microchip ATECC608A and NXP AT71CH feature hardware acceleration for elliptic-curve cryptography, as well as hardware-based key storage. The ATECC608A also features symmetric AES-128-GCM encryption. Both components provide high-endurance monotonic counters, useful for external verification of firmware downgrade/rollback attacks. Both components communicate on the I²C bus and feature authenticated and encrypted sessions for host communication.

eMMC Replay Protected Memory Blocks (RPMB)

The eMMC RPMB features replay-protected authenticated access to flash memory partition areas, using a shared secret between the host and the eMMC.

Hardware:

  • SoC: NXP Semiconductors i.MX6ULZ Arm® Cortex™-A7 900MHz
  • RAM: 512MB DDR3
  • Storage: Internal 16GB eMMC + external microSD
  • BLUETOOTH® Module: u-blox ANNA-B112 BLE
  • USB-C Ports: DRP (Dual Role Power) receptacle + UFP (Upstream Facing Port) plug, USB 2.0 only
  • LEDs: Two
  • Slide Switch: For boot mode selection between eMMC and microSD
  • External Security Elements: Microchip Technology ATECC608A and NXP Semiconductors A71CH
  • Physical Size: 66mm x 19mm x 8mm (without enclosure, including USB-C connector)
  • Enclosure: Included with all units for device protection

Connectivity:

  • USB 2.0 over USB-C plug to host with full device emulation
  • USB 2.0 over USB-C receptacle for the additional devices or as a connection to host
  • Full TCP/IP connection to/from USB armory via USB CDC Ethernet emulation
  • Flash drive functionality via USB mass storage device emulation
  • Serial communication over USB or physical UART using the Debug Board
  • Wireless connectivity over BLE

Note: only the USB 2.0 protocol is supported over both USB-C ports, therefore it should be emphasized that HDMI video over USB-C is not supported.

Software:

Comments

Looking for answers to technical questions?

We welcome your comments and suggestions below. However, if you are looking for solutions to technical questions please see our Technical Assistance page.

Customer Reviews

No reviews yet.