 So, thank you everybody. Andrea Barizani, you might have seen me yesterday in the NVIDIA talk. You might have not. So I'm going to talk here about the USB Armory, which is a project that we very recently announced and that is now in a crowdfunding phase. I will be super quick about it because this is a one-hour presentation that we're going to squeeze in hopefully 25 minutes. So this is the device that I'm going to talk about, which is basically a computer squeezed in a very tiny USB stick. And it's all open source. And it's called the USB Armory. So, why did we take on doing something like this? So we're a company that does security, so we wanted a very small trusted device for personal security applications. And as soon as we thought that it would be nice to have a computer in a very small form factor, a series of ideas popped up about having, you know, enhanced mass storage with advanced capabilities, using it as an open SSH proxy, as a VPN router, Torr router, electronic wallet, and so on. All of these applications fit the use case for having some hardware like this. So the first use case that we thought of was like, wouldn't it be nice to have an enhanced mass storage so that not only I can copy a file on a USB drive, but it would also get automatically encrypted with whatever key that you might want to, with a key that maybe it's selected upon the folder that we're placing the file on, or the name of the file, or whatever criteria that we might decide. So something that would have the flexibility to be changed in the manner that you please. So not a single-purpose fixed hardware for doing something like this. And if we have a computer on a USB drive, we could also maybe scan the file for viruses, malware, whatever you like. So this was one of ideas. And the way that we wanted to implement it was to have a tiny Linux computer emulating USB storage and then piping, filtering the files that you copy on it to whatever filter that you might want to have. And then of course, once this idea came up, we thought, but we could do so much more. If we have a small device which is actually a computer, we could just use TCP-IP and then have capabilities such as uploading the files somewhere, sending it over email wherever you want to, giving you whatever, a Google Drive, but Google might be a very bad word here for this audience, so whatever file sharing or direct upload mechanism that you want. So all of these possibilities enabled by the fact of having a simple computer, open computer, on a USB drive. And then we thought, but we could do so much more. What if for deniability, you could have it to wipe itself automatically if a failsafe word is detected. You copy a file on it, which is a very specific name, or you create a folder which is a very specific name, or you do whatever action that you might want to do and then the drive automatically wipes itself. All of these features are of course things that you cannot achieve nowadays with a normal USB drive or any commercial product that is out there. You can see the thought process as soon as we had this idea of having such a tiny form factor for an open source design, all of these possibilities came to mind. It of course can be used as an SSH proxy, so imagine that you are on an internet kiosk or using a computer that you don't trust and you want to SSH to do your servers from it. You connect this USB device onto your laptop, it gets exposed with TCP-AP, you SSH to it with maybe a one-time password or whatever you might want or a password that you don't care if it gets compromised, and then from it you SSH out to the internet by using the private keys which are stored on the device but they do not leak on the host computer which is supporting the device for communication. It can be used as a password manager. Why not? Either something really stupid where you ask, you use a pin, you unlock whatever web application that you have on it, you ask for a password for a specific site, the password gets copied to your clipboard or it gets displayed or you can even have a proxy on the device itself, a web proxy that would just replace whatever magic play-solder for a password that you're putting with the actual real password that never gets compromised on the USB host. All of these various applications are enabled by having such a very simple concept of having a computer on a USB drive. Of course, it can also do the standard role of being used as an authentication token UTF, U2F, the FIDO protocol which was recently announced, the Google authentication token or any other token that you might think of, of course. And there's also a very interesting idea which now can be done with such hardware which I really, really like which is authenticating the host. So the USB device authenticates the machine that it is connected to because, of course, being this now an active device with its own kernel, its own applications that can be executed and scheduled as you prefer, this device can communicate with your host and can decide to assess if the host that's being connected to is the legitimate one or not. A very simple mechanism would be just to check the SSH fingerprint for the SSH demon that is running on your laptop. And then, of course, you can decide what action to take if the host is not trusted. The device can decide to wipe itself. It can decide to even brick itself because the specific system on a chip has way to fuse keys that if they're random then the system on a chip would never be able to boot any other code. So all of these possibilities are unthinkable with standard USB devices and especially this one is something that I really like. You can even have it so that if this device is connected to a laptop which is not yours it will not do anything particularly damaging but it will just present a different set of files. Why not? I'll plug it to your laptop and you see Mickey Mouse. I'll plug it to mine and I see porn. I don't know, you know. You can decide, you know. Whatever you like. So in order to support this application we have a few design goals. It needs to be compact and USB power. And when I mean USB power I don't mean to have a power supply with a USB form factor. I mean being powered by a standard USB port on your laptop or your PC. It needs to have a fast CPU not some very slow single-purpose microcontroller which of course might do some of these use cases but it would be highly optimized in order to achieve your goals. We want something which is fast and a generous amount of RAM. We want secure boot. We want to be able to sign with our own keys the code that runs on the storage of this device and so that it gets executed on my personal device. Standard connectivity over USB and very important to have a familiar developing and execution environment. So not something which is heavily customized not something which is hard to develop something that is easy, super easy. And of course it needs to be open. Open software, open hardware. This is a security device and one of our goals is also to minimize supply chain attacks. So you need to be able to look at this device to open schematics and see exactly what's here and if you want to modify it you want to have the PCB layout we also provide that. So the challenges the first of many challenges in doing something like this was of course selecting the system on a chip and went for the free-scale IMX53. It's powerful. It's an A8 ARM CPU it can be clocked between 800 MHz and 1.2 GHz. Almost every datasheet and manual is public. No NDA required especially for secure boot which was very important for us. I wouldn't go as far as saying that the datasheets of free-scale are awesome because they're not but they're less scrappy than many other vendors which is fine by me. He has ARM trust on secure boot, secure storage and secure RAM on the system on a chip there's a detailed power consumption guide available which to us is very useful when we want to prototype such design and there's excellent native support this system on a chip can run Android, Debian, Ubuntu, FreeBSD the Geno.OS a lot of different operating systems natively with no customization required which of course saved us from a lot of effort in customizing things but also empowers you to just use stock Linux distributions on a USB device and also this specific system on a chip is a good stock and production support guarantee because you don't want to commit to a design and then find out in one month that oh sorry we don't have this chip anymore because of course that's going to be a nightmare. I'll skip over this because we didn't have too much time one of the things that we evaluate is having a good trust on support into this CPU which will allow us to separate the software that runs on this device to even have a further level of separation so of course with this device we shift the concept of live OS this is not just a storage where you boot from it's a completely independent computer that runs but what we can do we can segregate the code that runs on this device even more and having the so-called normal and secure world that trust on supports and these two words are completely separate and the interesting thing about trust soon is that not only you can separate something like the memory space and the code execution segment but also all the different hardware sub components which are attached to the system and a chip can be assigned to one of these two words so just to give you an example there's an LED on this device and this LED if you want can be assigned solely on the secure world which means that whenever the LED is on you know by design, by hardware enforcement that at that specific time the secure container is running and not the normal one just by looking at an LED and we thought that's a very cool feature so in this way one of the ideas that we have is to implement the encryption and the encryption for the micro SD card in a secure container so that even if the Linux OS which is of course wider attack surface get compromised you won't be able to extract the encryption keys from memory because that memory cannot be accessed either by direct addressing or also by doing DMAs with the other components on the system on a chip because every single component is trust and aware so this is a development timeline that we did we had a concept idea in January based on a completely different system on a chip in March we began development we did a breakout board in August we ordered an alpha board the alpha board right away we announced the project in October in November we made an order for beta boards the beta boards arrived and from there we finalized the design for the March one completely open source open hardware it is crowdfunding right now on crowd supply and we're 72% of our goals so I'm pretty sure that we can make this happen but of course if you're interested in this please check that so it is USB host power very small it has a micro sd card slot so all of the codes and the boot loader they boots from the micro sd card there's a 5 pin breakout header for GPIOs, SPI SQC and Serial which you can use there's the LED which can be used for secure mode detection we tested already Ubuntu and Debian and Android and GinoDOS running on it without any issues whatsoever and we also tested that we can emulate ethernet storage input devices pretty much everything so of course so far I only mentioned device mode and while developing the device we I would say we're a little dumb because we drove the id pin from the USB on the go to ground and we thought you know we can never change the role of that device but it turns out that we can also put the device in host mode so by putting the device in host mode it means that if you have a female to female adapter which here it's implemented with a bread port just like a keyboard, a mouse a USB screen, a USB Wi-Fi adapter and you can use this in completely standalone mode just by a software configuration and then you can decide to pull it off, put it in device mode and attach it to your laptop which I think you know it's a very nice way of inverting its use so for the super paranoid in this way it's completely standalone and this is the custom host adapter so all of you hardware nerds and geeks can make this very easily on a breadboard or whatever it's super easy but it's simply female to female and then a micro USB for power so with just a power USB hub and this adapter you can use the device with whatever peripherals you want in host mode so what were the challenges in making this device of course we have BGA chips for the system on a chip in the memory and it's also a very tiny form factor which means that there was no way at least we were incapable of doing maybe some of you are much better than us to prototype this by hand to just order the PCBs and solder everything on our own so the process was we make a design, we make the order for two 10 devices very expensive one because it's high specifications PCB and then we hope for the best and the first thing that we wanted to do was like let's try to be smart let's try to avoid this and let's do a BGA prototype in board and our idea was we make a really expensive board and we buy a really expensive socket adapter which is there which allows us to plumb the system on a chip without actually soldering anything at all it's about a 700 euro adapter and maybe this way we can power it up and test pretty much everything except the memory and test all of the possible routing and configuration without wasting a lot of money with PCBs so and this is the power boards that we tried to make but Darth Vader there which is me killed the admiral which is my colleague because it was something like you failed me for the last time because after making 10 of these we would never manage to make them work because the tolerances for distances between inductors and capacitors and the power control unit are so high that by doing this by hand as you know as much as careful as you can be you out of 7 voltage lines one of them will not be stable enough so this was definitely not the right way of doing things so this thing turned out to be like the superstar destroyer a giant thing which cost a lot of money it's low and at the end of the day it's useless so don't do this if you're making hardware go for the you know proper design right away because if you're lucky like we were it will work the first try and you can save a lot of time so when you have switching power like this you know don't list in our case it was a completely pointless exercise to try and be smart second challenge we use key cut to do everything which is a nightmare I mean it's open source we wanted to use it because then you can open up the design and modify it but routing RAM with key cut is you know I would really rather be in a different life it took me two weeks to route the RAM between the sock and the memory module so that was a real real pain but we made it it works so it can be done and I think it's pretty amazing that you can do it completely with open source tools the reason why RAM routing is tricky is because all of those lines need to be exactly of the same length if you really want to be super you know paranoid about it and when your PCB costs a lot and you don't want to you know waste money you really want to make sure that they are the same length and key cut doesn't help you in doing that at all so then you go from the schematics but key cut is very good in giving you 3d representation by the way of the board which is not that useful but you know at least it looks nice so we see our 3d thing we get hyped and then we make the order and we get the alpha board and the alpha board you see the admiral it's a different one than the one before because that one died but they all look the same anyway so that admiral is alive and standing because the alpha board worked at the first try again I wouldn't really inspire you to make hardware and even if it seems like a very daunting task for certain designs this is one of the most difficult things I could think of making you know chances are that you will be successful so I really want to inspire you into doing hardware so the alpha board was a little larger because we wanted to have a JTAG connection and all possible test points to figure out what was wrong in case things went wrong because it could be really really difficult to debug issues especially when the board doesn't you know it doesn't power up and you know and also you have to work with the manufacturer a lot because doing a design on keycard and you know even if your design rules pass it doesn't really mean that you can manufacture that board reliably on a larger scale so it was really important to work with the manufacturer to understand what were the tolerances of the pick and place machine the soldering mechanism you know to understand what were the various tolerances and see if the board could have been produced also because when you make something this size you're going to violate pretty much every single recommendation that you find on pretty much every single data sheet for every single component they will tell you oh you should do this and then you're like oh you asked me to have like a soccer field like miles of traces around the memory but I can only go that way so you will you know you will forget all of that and you would just go for it but it works you know we had JTAG which was useless but it makes a very nice picture because that also works and you can connect to it with a bus pirate power consumption was great it works we can turn on the LED which we added later by the way and the same power of a Pentium 2 is squeezed right there which I think and it's all done with open source tools I think this is amazing and anybody can do this thank you then we get the beta boards so beta boards we order six revisions actually seven revisions to lower down the price so we tried different things we tried to move from eight layers to six layers we ignored a few recommendations about how to power run up we removed a certain components we tried not to power the USB host which at the end we didn't do which is a good thing because now we also have host mode so we went from alpha to beta to mark 1 which you can see were different iterations so that was one order with multiple designs they all worked but from there we picked the one that was cheaper and that was most effective lessons learned, number one there were some tiny inductors which were extremely fragile and when I say fragile I mean that after one week they were just coming off and not because the soldering wasn't done correctly that you will never break unless you do it intentionally so it wasn't meant to be to take the shock of being placed on a table like that twice a day for a week they were coming off the importance of testing you don't want to make a thousand boards that have this problem so one of the first thing we did we changed the inductors we knew ones which have a very nice shape which looks like ballastar galactica note pad so I'm really proud of them they will get super hyped about these things you're like oh I'm reading a data sheet about ESD 50 pages long it's awesome just for one tiny component don't do it you get crazy second very evil problem gold plating we need gold plating for the USB connection because otherwise after 50 users it would just not work anymore the way you do gold plating we don't do gold plating we just sell to the manufacturer do gold plating on those pads they do it and the way they do it in this case in the beta version they need some contact points to place the deposit and what they did they did four traces that you can see there that were going outwards over the edge of the board so what happened there we plug the board we see that we have a five seconds of delay and then the boot starts every single time it starts coming from so what are you going to do you search into every data sheet and you search with your pdf reader five seconds and you find that five seconds is the way time that the voltage regulator uses for under voltage detection and then we're like so why do we have an under voltage connection because by cutting the board we have four little conductive dots so if you make contact with the usb plug then no contact and then contact again and that causes the under voltage at connection we didn't design those traces the manufacturer did and we spent three days banging our hands trying to debug this problem so that was very evil and on the right side you see a better way of doing gold plating with the four little pads on the traces so that was lesson number two things that should be trivial options that you just click oh yeah sure, do gold plating they might result in bugs so this is the final design we moved JTAG on the back for people that still want to use it by soldering those pads JTAG can be disabled of course and when you are in secure trust on mode of course you will not be able to use it so don't worry about that and we see the pin header and I have exactly six minutes for question if you are interested in this project please go on the crowdfunding page thank you very much and actually I totally forgot I have one attached to my laptop and I can just SSH to it so this year this is my usb drive running linux and this year this is the electron bitcoin wallet running on the usb drive and being exported over X to my windows machine so all of the keys are on the drive this application took 30 seconds to test as soon as we put the device we are like let's do that so you can see the potentiality of this platform thank you, questions question from microphone 4 please first of all thanks for making such a great thing and second of all I'd like to ask if you have already an alpha or beta software for authenticated boot yes okay so the secure boot there is an application note by free scale which we are going to convert into open source scripts where you can just use them so secure boot is there it's not something that we implement but we are going to make it easier for you in order to use it and that should happen before march now we want to push the hardware out but then we are going to make that awesome thanks 2 please thanks great project there is an SD card with wifi on it and full linux system running it and it's kind of open source with unit booting did you take a look at this and what what's the name of it it was wifi i or something from sandis if I remember correct but there are two versions of it and you can run your own code on it you don't have the nice debugging features but it's used for sharing files over wifi for photographs and you can manipulate the files as well but it has less features so this is great but did you take a look at it before you did this so before we had the idea of course we looked at everything that was out there and it was nothing that fit all the features and nothing that was open source like this and also you should be very careful because some of them they will draw more than 500 milliamps in order to use the wifi and hdmi and the cpu so one thing is having a power adapter which is a micro usb form factor one thing is being power from the usb host completely okay so that's a key difference so none of these qualities were existing when we started this project and I don't think they exist now still so this in my opinion is unique okay yes thank you microphone number five please hey do you have experienced any heat problems and the second question is could you imagine to put a robust casing around it so that it can be attached to a key ring and be carried around every day so we're working on a case right now and we hope for a case option to be available on crowd supply before the end of January so we're definitely thinking of that but it's also open source so if anybody has capabilities for making a case you can do it regarding heat we tested it of course if you're using cpu 100% the memory 100% it gets toasty but it won't damage the board and you won't damage you unless you're extremely stupid so it gets hot as any naked board and any stock but there's not a problem at all about that and we tested that microphone number one please hi thank you for the great work my question is about you told us that it's all open source and now as far as I know the trust zone with ARM you need to sign with them an NDA no that's not correct every reference guide for trust zone is public and can be used publicly actually the support for trust zone there are two different aspects there's what ARM gives you in the instruction set which you will find in the ARM assembly instruction set where of course no NDA is required and then there's the hardware support which is vendor dependent the hardware support which is vendor dependent is only partially under NDA but all of it is published within the genode OS source code so all the information that you need to use trust zone is open great thank you microphone number three please thanks for the great project quick question if you're going to use it as a standalone computer it would be really useful to have HDMI at some point I mean obviously it's open hardware but one day if you thought about it so one of the things that you want to be careful when you make hardware you don't want to put too many features on it because otherwise you're going to derail it and you're going to have to put too many features on it so we like minimal beautiful designs so we didn't think of HDMI for a second thank you and guess what we realize that by taking the inverse path we can use USB host mode and you can use a USB monitor of course it's not like HDMI but you can still if you want to use it completely standalone without all the hassle of having an USB host mode you can use it so I want this to be focused on that but who knows maybe in the future and it's open source so if you want to add a connector just take the project and do it thank you thanks we can take one last question microphone two please if I got that correctly I can put my own keys on the device for verifying the software that's running on it right so you bootstrap so you can do it from either the bootloader or from Linux itself you can fuse the keys there are certain register which you can use and you don't fuse the keys you fuse the hash of the public key you have four slots and you can also have one revocation key I think I don't remember but you can have up to four different keys and those are yours and once those are enforced the bootloader needs to be signed with those keys otherwise nothing will boot and there's no way to override it thanks thank you very much warm round of applause