F-Secure Foundry has designed a powerful, open-source, USB-sized computer for security nerds and enthusiasts alike.
The USB Armory MKII is a sleek, open-source SoC computer that packs quite a punch for its thumb drive size. This Linux computer has a 16GB eMMC, a standard microSD card slot, dual USB-C ports, and a re-programmable Bluetooth 5.0 module. Optimized for security applications, the USB Armory MKII can be configured for any security hacker’s needs. Ever thought about making a TOR bridge? An end-to-end VPN router? A portable pen-testing device? Encrypted password manager? The applications that can be developed on this board are vast and plentiful. One of the advantages of the MKII over other boards is its compact form factor (66mm×19mm×8mm). Essentially the size of a standard USB stick, the USB Armory MKII can be discreetly used with none the wiser of its capabilities. That’s pretty sweet depending on your application use.
F-Secure Foundry has shown an emphasis on security, and the USB Armory MKII proves they still are walking the walk. Rarely do we see boards focus on security like the USB Armory MKII. Down to the hardware, this board is filled with a plethora of security features. It has a NXP i.MX6ULZ ARM® Cortex™-A7 processor that clocks at 900MHz, and supports secure boot and ARM TrustZone. In addition to this, there is a true number generator, a data co-processor driver, and two external co-processors, Microchip ATECC608A and NXP AT71CH, all of which help provide more security with hashing, cryptography, and authentication. And that’s just scratching the surface. Inverse Path put a lot effort into making the USB Armory MKII secure and it definitely shows.
The MKII has an optional debug board that connects directly to it via USB-C. This provides easy UART, SPI, I2C, and GPIO access when needed.
Fair warning, from our testings, we found that this board is not a beginner board. While there are endless possible configurations for the USB Armory MKII, a good understanding of Linux is required before you can comfortably ride. The board does not support video, and so it is entirely headless and host communication is done through CDC Ethernet. Luckily, there is in-depth documentation to help you get started, whether it’s to run a vanilla Linux distro from a pre-compiled image or to build your own custom Linux system/application. There are also links to other GitHub repositories with security applications developed for their platform, such as INTERLOCK, a file encryption application and a hardware-based password manager. Once the initial hurdle of the environment set up is surpassed, then it’s all gravy from there.
Overall this board is filled with flexible security features in a compact size. For anyone interested in cybersecurity and wants to put in the time, it’s well worth the deep dive.