The USB armory is the world smallest secure computer. It can safeguard data and run trusted applications, preventing unauthorized access or execution. Minimal attack surface, vast performance and capabilities.
Compact. Customizable. Secure.
Fits right in your pocket, your laptop, your servers.
The capability of implementing arbitrary USB devices in combination with the USB armory speed, the security features and the flexible and customizable operating environments, makes the USB armory the ideal platform for all kinds of personal security applications.
The USB armory is a prime platform for the following applications:
• Encrypted storage solutions
• Hardware Security Module (HSM)
• Enhanced smart cards
• Electronic vaults (e.g. cryptocurrency wallets)
• Key escrow services
• Authentication, provisioning, licensing tokens
• USB firewall
In addition to native support for standard operating environments, such as Linux distributions, the USB armory is directly supported by TamaGo, an F-Secure Foundry developed framework that provides execution of unencumbered Go applications on bare metal ARM® System-on-Chip (SoC) processors.
memory-unsafe programming language
memory-safe programming language
TamaGo allows a dramatic reduction of the attack surface by removing any dependency on memory-unsafe languages (e.g. C), Operating Systems and third party libraries.
programming language %
The USB armory incorporates a vast number of features that can support a wide variety of security architectures. Its capabilities allow the safe storage of data as well as the trusted execution of operating environments and their applications, natively on the device itself.
Beyond simple smartcards or security tokens, the USB armory is a personal, self-contained, secure server
The HAB feature enables on-chip internal Boot ROM authentication of initial bootloader (i.e. Secure Boot) with a digital signature, establishing the first trust anchor for code authentication.
The CAAM (i.MX6UL) and RNGB (i.MX6ULZ) provide true random number generation for cryptographic operations.
The built-in Bluetooth (BLE) module allows wireless communication which, in combination with other security features as well as the internal+external storage, enables innovative multi-factor secure storage solutions.
The SNVS (Secure Non-Volatile Storage) enables encrypted storage of arbitrary data using unique keys. Combined with Secure Boot (HAB) this allows complete lockdown of data through a trusted application.
The BEE is included only in boards mounting the i.MX6UL SoC, it supports on-the-fly (OTF) AES-128 (ECB or CTR) encryption/decryption on the AXI bus, allowing OTF DRAM encryption.
The NXP SE050 features hardware acceleration for elliptic-curve cryptography as well as hardware based key storage.
The eMMC RPMB features allows replay protected authenticated access to flash memory partition areas, using a shared secret between the host and the eMMC.
The GoKey application implements a USB smartcard with innovative properties. Featuring an SSH based management interface, the card provides a dramatically improved security model over traditional smartcards. By leveraging on the TamaGo framework, GoKey is written and executed with only high-level code, minimal dependencies and a memory-safe environment.
The USB armory provides secure execution of cryptographic operations and data storage.
The user can unlock the USB armory over Bluetooth, authorizing only need-to-know contents, to ensure safe operation even on untrusted laptops.
When hosting facilities cannot be trusted, the USB armory, plugged on a server, complements its potentially unsafe environment with self-contained, tamper proof, HSM services.
Remote peers can authenticate the USB armory and use it, while the server remains an unprivileged party.
The server itself can also use the USB armory HSM services for CA/PKI or any other cryptographic purpose, without having access to protected keys.
The USB armory is assembled entirely in Italy and is available for ordering from selected stores as listed below.
Additionally custom/bulk order inquiries can be placed directly by contacting firstname.lastname@example.org.
|UA-MKII-ULZ-512M||USB armory Mk II • i.MX6ULZ 900 MHz • 512 MB RAM • enclosure|
|UA-MKII-DA||Debug accessory for the USB armory Mk II|
|UA-MKII-UL-512M||USB armory Mk II • i.MX6UL 528 MHz • 512 MB RAM|
|UA-MKII-UL-1G||USB armory Mk II • i.MX6UL 528 MHz • 1 GB RAM|
|UA-MKII-ULZ-1G||USB armory Mk II • i.MX6ULZ 900 MHz • 1 GB RAM|
|UA-MKII-ENC||Enclosure for the USB armory Mk II|