Skip to content

Frequently Asked Questions (FAQ)

Jump to bottom
Andrea Barisani edited this page May 3, 2021 · 11 revisions

Armory Drive FAQ

How does F-Secure Armory Drive protect my data?

The USB armory device, when using the F-Secure Armory Drive firmware, performs on-device encryption/decryption of the microSD card contents using hardware accelerated AES-128-CBC full disk encryption (FDE).

Encryption keys are freshly created at each pairing using the device True Random Number Generator, to protect Bluetooth communication with mutual authentication and microSD card contents.

The microSD card encryption key is derived from the combination of:

  • Mobile phone generated and stored key, communicated with mutually authenticated and encrypted Bluetooth communication at each unlock.

  • USB armory unique device hardware key.

This guarantees that the microSD card contents can be unlocked only with the right combination of USB armory device and unlocked paired mobile phone.

How does the USB armory protects F-Secure Armory Drive firmware and configuration?

The F-Secure Armory Drive firmware is meant to run on secure booted USB armory Mk II devices.

This allows firmware authentication with burned in read-only public keys as well as confidential configuration storage with device specific hardware keys.

The drive name does not match the one I see in the mobile app!

This is normal, the drive name is arbitrary and like any disk drive it can be changed arbitrarily by the user when formatting it.

The identifier seen in the mobile app on the other hand is fixed and relates to the device Bluetooth interface.

Can I use the F-Secure Armory Drive on an iPad?

Absolutely! But you will need another computer to format the microSD card if it's the first usage, as iPadOS does not offer the possibility to format peripherals.

Can I pair the F-Secure Armory Drive a second time?

Yes, but the pairing process will generate new encryption keys, which means the current microSD card content will be lost.

What happens if I lose or break my phone?

On iOS, if the iCloud keychain is enabled, the application and its settings will be restored automatically.

In other cases, a manual procedure to export the recovery QR code is available.

If you have a backup of the recovery QR code, you can use the Recovery from QR code function from from the Info screen:

image-20201013154554002

If you don't have a backup of the recovery QR code, the content of the microSD card is lost.

What happens if I lose or break the USB armory?

The content of the microSD card is lost.

What happens if I lose or break the microSD card?

The content of the microSD card is lost.

What is the firmware technology running on the USB armory?

The F-Secure Armory Drive device firmware is a bare metal unikernel written in F-Secure own TamaGo framework.

This open source framework allows powerful and secure firmware to be created with minimal attack surface and dependencies, solely using a high-level memory safe programming language (Go).

The F-Secure Armory Drive firmware is also open source and published in this repository.

Clone this wiki locally