PocketVault P-3X

Hardware Encryption and Secure Storage
Both P-3X (USB 3.0, SSD) and Rosetta TrustedFlash (microSDHC, flash) deliver high-security, use-anywhere USB and microSD encryption and authentication built on trusted Secured By SPYRUS™ technology, the same Suite B military grade security used by the US and other Governments to protect Data at Rest. The cryptographic components in every SPYRUS security device are designed, engineered, and manufactured in the United States. The SPYRUS family of secure storage solutions adds further security capabilities, such as authentication and public key enabled (PKE) application services used by enterprise and Government organizations for two-factor authentication and secure communications.

IoT Storage SDK
The Rosetta IoT Storage SDK makes it easy to add hardware encrypted secure storage to your embedded solution. With this SDK, you can initialize the secure storage and lock and unlock it (enabling and disabling the internal transparent hardware encryption). The included library and sample source code demonstrate how simple it can be to integrate SPYRUS hardware encrypted storage drives on various desktop, server and embedded systems. The xUnlocker sample utility provided in this SDK uses the SPWLib API, a C language interface library, to access the encrypted storage on the SPYRUS P-3X and Rosetta microSDHC devices. Additionally, the embedded secure element provides Hardware Security Module (HSM) services. Other SDKs are available for using this additional functionality.

The Rosetta IoT Storage SDK consists of the following files:

1. SPWLib – Dynamic library for the C interface API
2. SPWLib.h – Header File for the library
3. xUnlocker.cpp – Sample application
4. CMake build (not required if you choose to create your own build environment)
5. Doxygen API Documentation – in HTML and CHM formats
6. Rosetta Hardware
    a. Rosetta TrustedFlash® microSDHC
    b. PocketVault® P-3X
    c. Installing CCID Smart Card Readers in Linux.pdf – Guide for installing CCID smart card readers in Linux

7. P-3X Getting Started Guide – Getting Started Guide for P3X (comes with hardware)
8. Rosetta microSDHC Getting Started Guide (comes with hardware)
9. README.txt and EULA.pdf

The SDK includes support for the following platforms:

1. Windows desktop 32 & 64 bit
2. Linux desktop 32 & 64 bit
3. Raspberry Pi 3
4. Dragonboard 410c
5. TI OMAP embedded boards

SDK

SPYRUS Rosetta IoT Storage SDK Overview

The SPYRUS Secure Storage Creator Tools are used to provision the family of SPYRUS bootable live drives with a Linux ISO or raw disk operating system image. Provisioning runs under administrator control and sets everything to an operational provisioned state. The provisioning process supported by the SPYRUS Secure Storage Creator Tools divides the drive’s memory into two main compartments. The first, and much smaller, compartment is a clear (unencrypted) compartment that contains the SPYRUS ToughBoot™ boot loader and the configuration files needed to boot the Linux kernel image, which resides in the encrypted compartment. This small memory compartment is also provisioned to be hardware-enforced “read-only” by default to protect the integrity of ToughBoot and other utilities from one boot to the next.

The encrypted compartment comprises the remainder of the drive’s memory and is fully encrypted using hardware-based, 256-bit, XTS-AES sector encryption. The provisioning process then sets up the cryptographic configuration of the drive as well as administrative settings, including the user boot password (needed to log on to the drive), the admin password (needed to manage the drive’s disk configuration settings), and all password policies and other drive settings. Finally, it loads the pre-established contents of both the clear and the encrypted compartments. The provisioning process runs under administrator control and sets everything to a known provisioned state.

ToughBoot supports booting on both BIOS and EFI systems from the clear compartment. The BIOS boot loader is saved in the space between the Master Boot Record (MBR) and the first partition. The first partition contains the GRUB configuration file for booting from BIOS as well as the configuration file for booting from EFI. ToughBoot supports EFI secure boot and therefore requires the Linux kernel certificate, which is signed by SPYRUS. Currently SPYRUS supplies the Canonical master certificate and a CentOS certificate. The boot loader validates that these certificates are signed by SPYRUS and then uses them to verify the signature of the Linux kernel before the kernel is booted from the SPYRUS live drive.

The second “encrypted” partition contains the actual Linux Operating System image. The Linux2Go provisioning scripts take care of all the initialization steps for both the unencrypted and encrypted partitions to ensure the drive will operate properly. The grub.cfg must match what is in the encrypted compartment for the drive to boot properly.
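The layout described above (boot loader space after the MBR, a small clear first partition, a larger second partition) can be checked from sector 0 of a provisioned drive. The following is an added example, not SPYRUS code; it assumes a classic MBR partition table with 512-byte sectors, and the function names, partition types and sizes are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors


def parse_mbr(sector0):
    """Return the used primary partition entries of a classic MBR, sorted by start LBA."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
        _status, ptype, start, count = struct.unpack("<B3xB3xII", sector0[off:off + 16])
        if ptype and count:
            parts.append({"n": i + 1, "type": ptype, "start": start, "sectors": count})
    return sorted(parts, key=lambda p: p["start"])


def audit_layout(sector0):
    """Return a list of findings; an empty list means the layout matches the description."""
    parts = parse_mbr(sector0)
    if len(parts) < 2:
        return ["expected a clear and an encrypted partition, found %d" % len(parts)]
    clear, enc = parts[0], parts[1]
    findings = []
    if clear["start"] < 2:
        findings.append("no gap between the MBR and the first partition for the BIOS boot loader")
    if clear["start"] + clear["sectors"] > enc["start"]:
        findings.append("clear and encrypted partitions overlap")
    if clear["sectors"] >= enc["sectors"]:
        findings.append("clear partition is not smaller than the encrypted one")
    return findings


def make_mbr(entries):
    """Build a constructed sector 0 from (type, start_lba, sector_count) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", 0, t, s, c) for t, s, c in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"


# Constructed samples: partition types and sizes are illustrative, not SPYRUS values.
GOOD = make_mbr([(0x0C, 2048, 262144), (0x83, 264192, 60000000)])
BAD = make_mbr([(0x0C, 1, 262144), (0x83, 100000, 200000)])

if __name__ == "__main__":
    for name, img in (("good", GOOD), ("bad", BAD)):
        print(name, audit_layout(img) or "layout OK")
```

To audit a real drive, pass the first 512 bytes read from its block device to `audit_layout`.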

L2G Linux Creator Tools provides a tool kit to manage each stage of Linux provisioning, allowing a user to create scripts that customize the Linux OS disk configuration.

File Structure

The SPYRUS Secure Storage Creator Tools are made up of the following components:

  • Ubuntu ISO File example consisting of the deployment directory, Script and XML settings files.
  • Ubuntu Image example consisting of the deployment directory, Script and XML settings files.
  • Kali Image example consisting of the deployment directory, Script and XML settings files.
  • WorkSafe Pro examples for the Ubuntu ISO file and for a dual Ubuntu and Kali image file.
  • ToughBoot boot loader in each example:
    • img and core.img – BIOS Boot loader
    • BIOS Boot Loader configuration file
    • EFI Boot Loader configuration file
    • SPYRUS EULA
  • Linux_Image_Script – Directory containing the scripts for provisioning your Linux image on the WorkSafe Pro
  • wsp_creator – Directory containing the wsp_creator Python scripts.
  • wspcreator – Main application for running the Python provisioning script.
  • exe – WSP Setup utility for changing the settings on the WSP partitions.
  • libcrypto.so.1.0.0 – middleware library used by WSPSetup.exe.
  • SPYRUS EULA.
  • EULA – The End User License Agreement accepted prior to using the L2Go SDK

If you would like to get a SPYRUS HSM and download our SDKs, we will need you to register with our developer community:

Register with the SPYRUS developer community

Click on the links below to download a PDF of the product overview and technical specifications. All products are available in memory sizes ranging from 32GB up to 1TB, and they all take advantage of SSD memory to provide high performance over a USB 3.0 interface.

SPYRUS Rosetta IoT Storage SDK    View/Download