The Makefile in this repository generates a GlobaLeaks image for installation on the USB armory.
Pre-compiled releases are available.
Building requires a Debian 9 installation with the following packages:
bc binfmt-support bzip2 fakeroot gcc gcc-arm-linux-gnueabihf git gnupg make parted qemu-user-static wget xz-utils zip debootstrap sudo dirmngr bison flex libssl-dev kmod
Import the Linux signing GPG key:
gpg --keyserver hkp://keys.gnupg.net --recv-keys 38DBBDC86092693E
Import the U-Boot signing GPG key:
gpg --keyserver hkp://keys.gnupg.net --recv-keys 87F9F635D31D7652
The loop Linux kernel module must be enabled/loaded. Also note that the Makefile relies on the ability to execute privileged commands via sudo.
When building the image under Docker the --privileged option is required to give privileges for handling loop devices, for example:
docker build --rm -t armory ./
docker run -it --privileged -v $(pwd):/opt/armory --name armory armory
Launch the following command to download and build the image:
# For the USB armory Mk II (external microSD)
make all V=mark-two IMX=imx6ulz BOOT=uSD
# For the USB armory Mk II (internal eMMC)
make all V=mark-two IMX=imx6ulz BOOT=eMMC
# For the USB armory Mk I
make all V=mark-one IMX=imx53
The following output files are produced:
# For the USB armory Mk II
usbarmory-mark-two-debian_buster-base_image-YYYYMMDD.raw
# For the USB armory Mk I
usbarmory-mark-one-debian_buster-base_image-YYYYMMDD.raw
WARNING: the following operations will destroy any previous contents on the external microSD or internal eMMC storage.
IMPORTANT: /dev/sdX, /dev/diskN must be replaced with your microSD or eMMC device (the whole device, not one of its partitions). Ensure that you are specifying the correct one: errors in target specification will result in disk corruption.
Linux (verify target from terminal using dmesg):
sudo dd if=usbarmory-mark-two-globaleaks.raw of=/dev/sdX bs=1M conv=fsync
Mac OS X (verify target from terminal with diskutil list):
sudo dd if=usbarmory-*-debian_buster-base_image-YYYYMMDD.raw of=/dev/rdiskN bs=1m
On Windows and other OSes, the Etcher utility can be used instead.
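For the Linux path above, the target check can be scripted instead of read off dmesg by eye. The following is an added example, not part of the original repository: it refuses partitions, non-removable disks, targets smaller than the image, and mounted devices. The function name and the SYSFS_BLOCK and MOUNTS variables are this example's own, and it assumes a USB card reader or UMS mode, where the kernel reports the disk as removable.

```shell
#!/bin/sh
# Added example: pre-flight check before writing the image with dd (Linux).
# SYSFS_BLOCK and MOUNTS are overridable so the check can be dry-run
# against a constructed tree; both names are this example's own.
SYSFS_BLOCK="${SYSFS_BLOCK:-/sys/class/block}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# check_dd_target DEVICE IMAGE
# Returns 0 if DEVICE looks like a safe target, otherwise:
#   1 unknown block device      2 DEVICE is a partition
#   3 not a removable disk      4 smaller than IMAGE
#   5 DEVICE or one of its partitions is mounted
check_dd_target() {
    dev="$1"; img="$2"
    node="$SYSFS_BLOCK/${dev##*/}"

    [ -d "$node" ] || { echo "refuse: $dev: no such block device" >&2; return 1; }

    # Partitions carry a 'partition' attribute in sysfs; whole disks do not.
    [ ! -e "$node/partition" ] || { echo "refuse: $dev is a partition" >&2; return 2; }

    # USB card readers and the UMS-exported eMMC report removable=1.
    # Assumption: built-in SD slots (mmcblkN) may report 0; adjust if needed.
    [ "$(cat "$node/removable" 2>/dev/null)" = "1" ] ||
        { echo "refuse: $dev is not removable" >&2; return 3; }

    # sysfs 'size' is always in 512-byte sectors.
    sectors="$(cat "$node/size")"
    img_bytes=$(($(wc -c < "$img")))
    [ $((sectors * 512)) -ge "$img_bytes" ] ||
        { echo "refuse: $dev is smaller than $img" >&2; return 4; }

    # Match the disk itself or any partition (sdX1, mmcblk0p1) in the mount table.
    if grep -q "^$dev[0-9p ]" "$MOUNTS"; then
        echo "refuse: $dev is mounted, unmount it first" >&2; return 5
    fi
    return 0
}

# Usage: sh check_target.sh /dev/sdX image.raw && sudo dd ...
if [ "$#" -eq 2 ]; then
    check_dd_target "$1" "$2"
fi
```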
Set the USB armory Mk II to boot in Serial Boot Loader by setting the boot switch towards the microSD slot, without a microSD card connected. Connect the USB Type-C interface to the host and verify that your host kernel successfully detects the board:
usb 1-1: new high-speed USB device number 8 using xhci_hcd
usb 1-1: New USB device found, idVendor=15a2, idProduct=0080, bcdDevice= 0.01
usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 1-1: Product: SE Blank 6ULL
usb 1-1: Manufacturer: Freescale SemiConductor Inc
hid-generic 0003:15A2:0080.0003: hiddev96,hidraw1: USB HID v1.10 Device [Freescale SemiConductor Inc SE Blank 6ULL] on usb-0000:00:14.0-1/input0
Load the bootloader using the imx_loader utility:
imx_usb u-boot-20*.*/u-boot-dtb.imx
On the USB armory Mk II serial console, accessible through the debug accessory, start the USB storage emulation (UMS) mode:
=> ums 0 mmc 1
Alternatively, if external serial console access is not available, a patch to automatically enable UMS mode can be applied to U-Boot 2019.04.
Once in UMS mode, the host kernel should detect a USB storage device:
scsi 3:0:0:0: Direct-Access Linux UMS disk 0 ffff PQ: 0 ANSI: 2
sd 3:0:0:0: [sdX] 7471104 512-byte logical blocks: (3.83 GB/3.56 GiB)
sd 3:0:0:0: [sdX] Write Protect is off
sd 3:0:0:0: [sdX] Mode Sense: 0f 00 00 00
sd 3:0:0:0: [sdX] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sdX: sdX1 sdX2
sd 3:0:0:0: [sdX] Attached SCSI removable disk
After being booted, the image uses Ethernet over USB emulation (CDC Ethernet) to communicate with the host, with assigned IP address 10.0.0.1 (using 10.0.0.2 as gateway). Connection can be accomplished via SSH to 10.0.0.1, with default user usbarmory and password usbarmory. NOTE: There is a DHCP server running by default. Alternatively the host interface IP address can be statically set to 10.0.0.2/24.
To aid initial testing the base image configures the board LED to reflect CPU load average, via the Linux Heartbeat Trigger driver. In case this is undesired, the heartbeat can be disabled by removing the ledtrig_heartbeat module in /etc/modules. More information about LED control here.
The default image is 4GB in size. To use the full microSD/eMMC space, a new partition can be added or the existing one can be resized as described in the USB armory FAQ.
Project page
Documentation
Board schematics, layout and support files
INTERLOCK - file encryption front end
Discussion group