Home
Welcome to the F-Secure Armory Drive wiki.
The Armory Drive provides a pocket encrypted drive solution based on the USB armory Mk II.
It allows one-tap unlock of a microSD backed encrypted USB drive through its companion F-Secure Armory Drive iOS app.
The Armory Drive firmware must be installed on your USB armory Mk II device.
The F-Secure Armory Drive iOS app must be installed on your mobile device.
The Armory Drive firmware can be installed and upgraded by the Armory Drive
installer (armory-drive-install found in all releases). The installer and
firmware work together through a combination of Secure Boot and Firmware
Transparency frameworks to authenticate firmware updates.
Secure Boot allows firmware authentication with burned in read-only public keys as well as confidential configuration storage with device specific hardware keys.
Firmware Transparency allows tamper-evident firmware authentication by the installer as well as the device firmware when receiving the update.
The following table summarizes the firmware authentication options supported by the installer.
| Secure Boot | Firmware Transparency |
|---|---|
| disabled | Yes |
| with F-Secure keys | Yes |
| with user own keys | No |
The USB armory Mk II can be purchased at the following resellers:
On such retail units the armory-drive-install tool (found in all Armory Drive releases) can be used to install the Armory Drive firmware.
Additionally WithSecure Foundry accepts orders for units pre-provisioned with Armory Drive firmware, in retail or bulk quantities, from companies/OEMs/resellers at usbarmory@withsecure.com.
If you think anything is missing on this wiki, or require further support, please email us at usbarmory@withsecure.com.
Copyright (c) WithSecure Corporation
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation under version 3 of the License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
The F-Secure Armory Drive iOS app does not share any personal information or key material outside your phone or phone backups (if enabled for the application).
The application locally stores (e.g. on your device) the required keys to securely communicate with the USB armory as well as your personal Key Encryption Key (KEK) which is randomly generated at each pairing with the USB armory.
In all cases the F-Secure Armory Drive iOS app:
-
Does not store or have access to your USB armory protected encrypted data.
-
Holds a Key Encryption Key (KEK) which, on its own, does not allow to decrypt your data as it can do so only in combination with the uniquely paired USB armory device.
The local device storage for cryptographic key material is done using iOS Keychain services to releases data to the application only when your device is unlocked.
When iCloud backup is enabled then the iCloud security model applies.
A summary of all cryptographic key material can be found in the API Specifications.