Secure Boot

Binary releases are available for the Armory Drive firmware.

The binary release includes the armory-drive-install tool (for Linux, Windows and macOS) to guide through initial installation of such releases and Secure Boot activation.

⚠️ 🔒 loading signed releases triggers secure boot activation which is an irreversible operation to be performed at your own risk, carefully read and understand the following instructions.

The installer supports the following installation modes:

• F-Secure signed releases: the installation of such firmware images causes F-Secure own secure boot public keys to be permanently fused on the target USB armory, fully converting the device to exclusive use with Armory Drive releases signed by F-Secure.

  These releases also enable authenticated updates through tamper-evident logs powered by Google transparency framework.

• User signed releases: the installation of such firmware images causes user own secure boot keys to be created and permanently fused on the target USB armory, fully converting the device to exclusive use with user signed binaries.

• Unsigned releases: such firmware images do not leverage on Secure Boot and can be installed on standard USB armory devices.

  Such releases however cannot guarantee device security as hardware bound key material will use default test keys, lacking protection for stored armory communication keys and leaving data encryption key freshness only to the mobile application.

  Unsigned releases are recommended only for test/evaluation purposes and are not recommended for protection of sensitive data where device tampering is a risk.

The armory-drive-install provides interactive installation for all modes and is the recommended way to use the Armory Drive firmware.