Crowd Supply USB armory Mk II is a full-featured, security-minded computer, based on an NXP Semiconductors i.MX6ULZ Microcontroller, in a tiny USB form-factor. Designed with information security applications in mind, the USB armory Mk II incorporates features such as High Assurance Boot (HABv4), Arm® TrustZone®, and external cryptographic co-processors.
- SoC: NXP Semiconductors i.MX6ULZ Arm® Cortex™-A7 900MHz
- RAM: 512MB DDR3
- Storage: Internal 16GB eMMC + external microSD
- BLUETOOTH® Module: u-blox ANNA-B112 BLE
- USB-C Ports: DRP (Dual Role Power) receptacle + UFP (Upstream Facing Port) plug, USB 2.0 only
- LEDs: Two
- Slide Switch: For boot mode selection between eMMC and microSD
- External Security Elements: Microchip Technology ATECC608A and NXP Semiconductors A71CH
- Physical Size: 66mm x 19mm x 8mm (without enclosure, including USB-C connector)
- Enclosure: Included with all units for device protection
- High Assurance Boot (HABv4)
The HAB feature enables on-chip internal Boot ROM authentication of the initial bootloader (i.e., Secure Boot) with a digital signature, establishing the first trust anchor for code authentication.
- True Random Number Generator (TRNG)
The RNGB driver is included and operational in modern Linux kernels. Once loaded, it enables the component within the Linux hw_random framework.
- Data Co-Processor (DCP)
The DCP module driver is included and operational in modern Linux kernels. Once loaded, it exposes its algorithms through the Crypto API interface.
- Secure Non-Volatile Storage (SNVS)
A device-specific random 256-bit OTPMK key is fused in each SoC at manufacturing time. This key is unreadable and can only be used by the DCP for AES encryption/decryption of user data, through the Secure Non-Volatile Storage (SNVS) companion block.
- Arm TrustZone
The i.MX6 SoC family features an Arm TrustZone implementation in its CPU core and internal peripherals.
- External Cryptographic Co-Processors
The Microchip ATECC608A and NXP A71CH feature hardware acceleration for elliptic-curve cryptography, as well as hardware-based key storage. The ATECC608A also features symmetric AES-128-GCM encryption. Both components provide high-endurance monotonic counters, useful for external verification against firmware downgrade/rollback attacks.
- eMMC Replay Protected Memory Blocks (RPMB)
The eMMC RPMB features replay-protected authenticated access to flash memory partition areas, using a shared secret between the host and the eMMC.
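The replay protection described above can be sketched as follows. This is an added example, not code from the product page or the vendor: it is a simplified model of an authenticated write (HMAC-SHA256 over a write counter, address and data), and the frame layout, class and function names, key and sample data are assumptions constructed for illustration rather than the real eMMC frame format.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">IH")  # assumed layout: 32-bit write counter, 16-bit address


class RpmbModel:
    """Simplified model of a replay-protected partition (not the real frame format)."""

    def __init__(self, key: bytes):
        self._key = key         # shared secret between host and storage
        self.write_counter = 0  # monotonic: only ever incremented
        self.blocks = {}

    def write(self, frame: bytes) -> str:
        if len(frame) < 32 + HEADER.size:
            return "malformed"
        mac, body = frame[:32], frame[32:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return "auth_failure"     # sender does not hold the shared secret
        counter, address = HEADER.unpack_from(body)
        if counter != self.write_counter:
            return "counter_failure"  # stale frame: a replay of an earlier write
        self.blocks[address] = body[HEADER.size:]
        self.write_counter += 1
        return "ok"


def build_write_frame(key: bytes, counter: int, address: int, data: bytes) -> bytes:
    """Host side: authenticate counter, address and data with the shared key."""
    body = HEADER.pack(counter, address) + data
    return hmac.new(key, body, hashlib.sha256).digest() + body


def demo():
    key = bytes(range(32))  # constructed sample key
    dev = RpmbModel(key)
    v2 = build_write_frame(key, dev.write_counter, 0, b"firmware-version=2")
    first = dev.write(v2)
    v3 = build_write_frame(key, dev.write_counter, 0, b"firmware-version=3")
    second = dev.write(v3)
    replayed = dev.write(v2)  # old but validly signed frame is rejected
    wrong_key = build_write_frame(bytes(32), dev.write_counter, 0, b"firmware-version=1")
    forged = dev.write(wrong_key)
    return [first, second, replayed, forged], dev.blocks[0], dev.write_counter


if __name__ == "__main__":
    print(demo())
```

The replayed frame carries a valid MAC but an outdated counter, which is why a stored firmware version cannot be rolled back by re-sending an earlier write.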
- Mass storage device with advanced features such as automatic encryption, virus scanning, host authentication, and data self-destruct
- Hardware Security Module (HSM)
- OpenSSH client and agent for untrusted hosts (e.g., Internet kiosks)
- Router for end-to-end VPN tunneling
- Tor bridge
- Password manager with integrated webserver
- Electronic wallet
- Authentication token
- Portable penetration testing platform
- Low-level USB security testing