Linux2Go

SPYRUS Linux2Go drives bring a new dimension to the world of edge computing allowing secure Linux operating system on a USB 3.0 SSD drive for the most powerful, secure and affordable solutions available. The drives are built on the features of the award winning Microsoft certified SPYRUS Windows To Go family, incorporating the most advanced encryption and security technologies with the greatest versatility in size and performance features in the industry.

Two models of SPYRUS Linux2Go drives are available: the Secure Portable Workplace  (SPW) and the WorkSafe Pro (WSP). Both models combine Secured by SPYRUS™ encryption and security technologies with a USB 3.0 drive. The WSP drive also provides fully integrated PKI smart card support from the embedded Rosetta® Micro FIPS 140-2 Level 3 certified EAL5+ security controller when used with the SPYRUS PKCS#11 software.

SDK

Linux2Go Creator Tools Overview

The Linux2Go™ (L2G) Linux Creator Tools are used to provision the family of SPYRUS bootable live drives with a Linux ISO or raw disk operating system image. Provisioning runs under administrator control and sets everything to an operational provisioned state.  The provisioning process supported by the L2G Linux Creator Tools divides the drive’s memory into two main compartments. The first, and much smaller, compartment is a clear (unencrypted) compartment that contains the SPYRUS ToughBoot™ boot loader and the appropriate configuration files to boot the Linux kernel image which resides in the encrypted compartment. This small memory compartment is also provisioned to be hardware enforced “read-only” by default to protect the integrity of ToughBoot and other utilities from one boot to the next.

The encrypted compartment is comprised of the remainder of the drive’s memory and is fully encrypted using hardware based, 256-bit, XTS-AES sector encryption The provisioning process will then set up the cryptographic configuration of the drive as well as administrative settings including the user boot password (needed to log on to the drive), the admin password (needed to manage the drive’s disk configuration settings), and all password policies and other drive settings. Finally, it loads the pre-established contents of both the clear and the encrypted compartments. The provisioning process runs under administrator control and sets everything to a known provisioned state.

ToughBoot can support booting from both BIOS and EFI systems from the clear compartment. The BIOS boot loader is saved in the compartment between the Master Boot Record (MBR) and the first partition. The first partition contains the GRUB configuration file for booting from BIOS as well as the configuration file for booting from EFI. ToughBoot supports EFI secure boot and therefore requires the Linux kernel certificate, which is signed by SPYRUS. Currently SPYRUS supplies the Canonical master certificate and a CentOS certificate. The boot loader will validate that these certificates are signed by SPYRUS and then uses them to verify the signature of the Linux kernel before the kernel is booted from the SPYRUS live drive.

The second “encrypted” partition contains the actual Linux Operating System image. The Linux2Go provisioning scripts takes care of all the proper initialization steps for both the unencrypted and encrypted partitions to ensure the drive will operate properly.  It is mandatory that the grub.cfg must match what is in the encrypted compartment for the drive to boot properly.

L2G Linux Creator Tools provides a tool kit to manage each stage of Linux provisioning allowing a user to create scripts to customize the Linux OS disk configuration.

File Structure

The L2G Linux Creator Tools are made up of the following components:

  • Ubuntu ISO File example consisting of the deployment directory, Script and XML settings files.
  • Ubuntu Image example consisting of the deployment directory, Script and XML settings files.
  • Kali Image example consisting of the deployment directory, Script and XML settings files.
  • WorkSafe Pro examples for the Ubuntu ISO file and for a dual Ubuntu and Kali image file.
  • ToughBoot boot loader in each example:
    • img and core.img – BIOS Boot loader
    • BIOS Boot Loader configuration file
    • EFI Boot Loader configuration file
    • SPYRUS EULA
  • Linux_Image_Script – Directory containing the scripts for provisioning your Linux image on the WorkSafe Pro
  • wsp_creator – Directory containing the wsp_creator Python scripts.
  • wspcreator – Main application for running the Python provisioning script.
  • exe – WSP Setup utility for changing the settings on the WSP partitions.
  • libcrypto.so.1.0.0 – middleware library used by WSPSetup.exe.
  • SPYRUS EULA.
  • EULA – The End User License Agreement accepted prior to using the L2Go SDK

If you would like to get a SPYRUS HSM and download our SDKs, we will need you to register with our developer community:

Register with the SPYRUS developer community

Click on the links below to download a PDF of the product overview and technical specifications. All products are available in memory sizes ranging from 32GB up to 1TB; and they all take advantage of SSD memory to provide high performance over a USB 3.0 interface

Linux2Go Product Tech Sheet    View/Download