F-Secure USB Armory #262
Replies: 2 comments
-
Host communicationSetup & Connection Sharing Linux:
Additionally, on Ubuntu the firewall has to be configured to allow the traffic:
and in some cases it is necessary to also restart the network-manager. Compiling Rust for the USB Armory Mk IIThe USB Armory hosts per default the
I compiled the binary on my host Ubuntu laptop and copied it to the usb-armory. Compiling on the usb armory itself takes a few hours and in my case the linker is always killed, seems like it costs too much ram.
|
Beta Was this translation helpful? Give feedback.
-
The previous problem with compiling the stronghold-runtime for the |
Beta Was this translation helpful? Give feedback.
-
Description
This issue tracks Stronghold integration with the F-Secure USB Armory.
Notes:
Introduction
Any efforts in the direction of a Stronghold OS could laregely benefit from Genode’s information related to TEE.
USB armory Mk II boot modes
The USB armory Mk II supports 3 boot mechanisms:
USB Serial Download Protocol (SDP)
A slide switch allows selection of the primary boot mode. The switch positions match the position of the storage media components:
Flashing bootable images on external/internal media
The following instructions provide instructions on flashing bootable images on either an external microSD card, connected to a host with a built-in or externally connected card reader, or the internal eMMC.
WARNING: the following operations will destroy any previous contents on the target eMMC/microSD.
Available images
In order to boot the USB armory it is possible to either use a pre-compiled disk image or manually prepare your own.
The following table summarizes the list of available pre-compiled Linux distributions
Note:
*-usd-*
suffix on image filenames meansuSD
, ormicroSD
, as opposed to*-emmc-*
oreMMC
.However, you should only trust what you can (cross)-compile! Check this repo for instructions on how to cross-compile Debian: https://github.com/f-secure-foundry/usbarmory-debian-base_image
Flashing raw disk images
Raw disk images are meant to fill the entire boot media, examples include full OS images such as the USB armory Debian base image.
Linux (verify target from terminal using dmesg, e.g. /dev/sdX):
UART
The USB armory Mk II exposes a USB Type-C receptacle, which allows through the so called USB-C 'debug accessory mode' to route analog/debug signals over its connector, the USB armory Mk II design leverages on this to break out UART, SPI, I²C, CAN (pre-transceiver), GPIOs connections to/from its application processor.
The debug accessory board allows to access UART and GPIO signals through USB, without requiring probes, through an FTDI FT4232H. This allows, for example, access to the USB armory Mk II serial console without wires or probes, natively using only USB cables.
When running the USB armory Debian base image the serial console can be accessed, with the debug accessory jumper set to UART position, as follows (example on Linux host with picocom):
When prompted for username and password, use
usbarmory
for both.WARNING: make sure the Jumper is setting the adapter to UART mode.
Ethernet over USB (SSH)
After being booted, the image uses Ethernet over USB emulation (CDC Ethernet) to communicate with the host, with assigned IP address
10.0.0.1
(using10.0.0.2
as gateway). Connection can be accomplished via SSH to10.0.0.1
, with default userusbarmory
and passwordusbarmory
. NOTE: There is a DHCP server running by default. Alternatively the host interface IP address can be statically set to10.0.0.2/24
.Beta Was this translation helpful? Give feedback.
All reactions