USB armory

The USB armory is an open source hardware design, implementing a flash drive sized computer.

The USB armory is the world smallest secure computer.

It can safeguard data and run trusted applications, preventing unauthorized access or execution. Minimal attack surface, vast performance and capabilities. Fits right in your pocket, your laptop, your servers. 

Compact. Customizable. Secure.

The capability of implementing arbitrary USB devices in combination with the USB armory speed, the security features and the flexible and customizable operating environments, makes the USB armory the ideal platform for all kinds of personal security applications.

What are the applications?

The USB is a prime platform for the following applications:

Encrypted storage solutions

Hardware Security Module (HSM)

Enhanced smart cards

Electronic vaults

e.g., cryptocurrency wallets, e-voting

Key escrow services

Authentication, provisioning, licensing, tokens

USB firewall

Security features

The USB armory incorporates a vast number of features that can support a wide variety of security architectures. Its capabilities allow the safe storage of data as well as the trusted execution of operating environments and their applications, natively on the device itself. 

Beyond simple smartcards or security tokens, the USB armory is a personal, self-contained, secure server. 

Secure boot_2

Secure boot

The HAB feature enables on-chip internal Boot ROM authentication of initial bootloader (i.e., Secure Boot) with a digital signature, establishing the first trust anchor for code authentication.

True random number generator

The CAAM (i.MX6UL) and RNGB (i.MX6UZ) provide true random number generation for cryptographic operations. 


The built-in Bluetooth (BLE) module allows wireless communication which, in combination with other security features as well as the internal+external storage, enables innovative multi-factor secure storage solutions. 

Secure storage

The SNVS (Secure Non-Volatile Storage) enables encrypted storage of arbitrary data using unique keys. Combined with Secure Boot (HAB) this allows complete lockdown of data through a trusted application. 

RAM encryption

The BEE is included only on in boards mounting the i.MX6UL SoC, it supports on-the-fly (OTF) AES-128 (ECB or CTR) encryption/decryption on the AXI bus, allowing OTF DRAM encryption.

External security elements

The NXP SE050 features hardware acceleration for elliptic-curve cryptography as well as hardware based key storage.

Replay protection

The eMMC RPMB features allows replay protected authenticated access to flash memory partition areas, using a shared secret between the host and the eMMC.


In addition to native support for standard operating environments, such as Linux distributions, the USB armory is directly supported by TamaGo, an WithSecure Foundry developed framework that provides execution of unencumbered Go applications on bare metal ARM® System-on-Chip (SoC) processors.

Example use cases

Armory Drive

Amory Drive

The USB armory provides secure execution of cryptographic operations and data storage. 

The user can unlock the USB armory over Bluetooth, authorizing only need-to-know contents, to ensure safe operation even on untrusted laptops.



The GoKey application implements a USB smartcard with innovative properties. Featuring an SSH based management interface, the card provides a dramatically improved security model over traditional smartcards. By leveraging on the TamaGo framework, GoKey is written and executed with only high-level code, minimal dependencies and a memory-safe environment.

Remote Hardware Security Module

Remote Hardware Security Module

When hosting facilities cannot be trusted, the USB armory, plugged on a server, complements its potentially unsafe environment with self-contained, tamper proof, HSM services.

Remote peers can authenticate the USB armory and use it, while the server remains an unprivileged party.

The server itself can also use the USB armory HSM services for CA/PKI or any other cryptographic purpose, without having access to protected keys.

How to order

The USB armory is assembled entirely in Italy and is available for ordering from selected stores as listed below. Additionally custom/bulk order inquiries can be placed directly by contacting

Product configuration

Standard orders

UA-MKII-ULZ-512MUSB armory Mk II • i.MX6ULZ 900 MHz • 512 MB RAM • enclosure
UA-MKII-DADebug accessory for the USB armory Mk II

Custom / bulk orders

UA-MKII-UL-512MUSB armory Mk II • i.MX6UL 528 MHz • 512 MB RAM
UA-MKII-UL-1GUSB armory Mk II • i.MX6UL 528 MHz • 1 GB RAM
UA-MKII-ULZ-1GUSB armory Mk II • i.MX6ULZ 900 MHz • 1 GB RAM
UA-MKII-ENCEnclosure for the USB armory Mk II

Related resources

Board support


USB armory installation, configuration and usage.

Read more


Join our discussion group.

Read more


Board schematics, layout and support files.

Read more

Armory Drive

USB encrypted drive.

Read more


The bare metal Go smartcard.

Read more


Go Trusted Execution Environment (TEE) w/ TrustZone.

Read more


File encryption and HSM front-end.

Read more


Bare metal Go for ARM SoCs.

Read more


One-Time-Programmable (OTP) fusing tool

Read more

Armory Boot

USB armory - boot loader

Read more

Want to customize / bulk order or talk in more detail?

Complete the form, and we'll be in touch as soon as possible.

Our accreditations and certificates