USB Armory

The USB armory from Inverse Path is an open source hardware design, implementing a flash drive sized computer.

The compact USB powered device provides a platform for developing and running a variety of applications.

The security features of the USB armory System on a Chip (SoC), combined with the openness of the board design, empower developers and users with a fully customizable USB trusted device for open and innovative personal security applications.

The hardware design features the Freescale i.MX53 processor, supporting advanced security features such as secure boot and ARM® TrustZone®.

  • Freescale i.MX53 ARM® Cortex™-A8 800Mhz, 512MB DDR3 RAM
  • USB host powered (<500 mA) device with compact form factor (65 x 19 x 6 mm)
  • ARM® TrustZone®, secure boot + storage + RAM
  • microSD card slot
  • 5-pin breakout header with GPIOs and UART
  • customizable LED, including secure mode detection
  • USB device emulation (CDC Ethernet, mass storage, HID, etc.)
  • Open Hardware & Software
ARMv7 Cortex-A8
Freescale i.MX53 800MHz
Micro SD

Install to a micro SD card

Replace sdX in the following instructions with the device name for the SD card as it appears on your computer.

  1. Zero the beginning of the SD card:
    dd if=/dev/zero of=/dev/sdX bs=1M count=8
  2. Start fdisk to partition the SD card:
    fdisk /dev/sdX
  3. At the fdisk prompt, delete old partitions and create a new one:
    1. Type o. This will clear out any partitions on the drive.
    2. Type p to list partitions. There should be no partitions left.
    3. Now type n, then p for primary, 1 for the first partition on the drive, 2048 for the first sector, and then press ENTER to accept the default last sector.
    4. Write the partition table and exit by typing w.
  4. Create the ext4 filesystem:
    1. For e2fsprogs < 1.43:
      mkfs.ext4 /dev/sdX1
    2. For e2fsprogs >= 1.43:
      mkfs.ext4 -O ^metadata_csum,^64bit /dev/sdX1
  5. Mount the filesystem:
    mkdir mnt
    mount /dev/sdX1 mnt
  6. Download and extract the root filesystem:
    bsdtar -xpf ArchLinuxARM-usbarmory-latest.tar.gz -C mnt
  7. Install the U-Boot bootloader and unmount the micro SD card:
    sudo dd if=mnt/boot/u-boot.imx of=/dev/sdX bs=512 seek=2 conv=fsync
    umount mnt
  8. Insert the micro SD card into the USB Armory, connect computers USB port.
  9. Use the serial console (/dev/ttyACM0) or SSH as below.
    • Login as the default user alarm with the password alarm.
    • The default root password is root.

Host Communication

The root filesystem is configured to load the g_cdc module which provides USB ethernet and ACM serial devices on the host. To connect via SSH, you will need to configure the host networking:

  1. Bring the interface up (usb0 is used here, yours may be different)
    ip link set usb0 up
  2. Set the IP address
    ip addr add dev usb0
  3. Enable masquerading out your primary interface (eth0 is used here, yours may be different)
    iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
  4. Enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

Set the USB OTG to host mode

The USB Armory will boot by default in peripheral mode, allowing the board to be plugged into a computer. To use the host adapter board to attach USB devices to the USB Armory, the USB OTG port must be put in host mode.

  1. Open /boot/boot.txt in an editor
  2. Uncomment the following line near the top:
    #setenv otg_host yes
  3. Install uboot-tools if not already installed:
    pacman -S uboot-tools
  4. From inside the /boot directory, run the mkscr script to create the boot.scr file:
  5. Disable g_cdc serial port's getty service to prevent boot delays:
    systemctl disable getty@ttyGS0

Copyright ©2009-2016 Arch Linux ARM
The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.
The Arch Linux™ name and logo are used under permission of the Arch Linux Project Lead.