Did I brick it? USB Armory Mk II


Daniel Tripp

Jul 2, 2023, 3:01:12 AM
to USB armory
Was working perfectly this morning as a USB gadget, storage and ethernet, and sharing ethernet (Debian Buster on the Armory [on SD-Card],  Pop!_OS 22 on the linux host).

But I'd NEVER used the EMMC before so I thought I'd try using it.

I ran the latest (downloaded today) version of the Linux binary "armory-drive-install" - and it presented a USB storage device "F-Secure..." (or whatever - as I can no longer get this to show), and automounted it in /media/$HOME/F-Secure (or whatever).

I also paired my iPad (mini 5th gen) to it and used the QR-Code...  I don't have an iPhone...

Somewhere along the way - I've bricked it...  I'd tried switching the boot select toggle between EMMC and SDCard a number of times - and it makes no difference.  I'm guessing I enabled secure-boot but it's got nothing "secure" to boot from maybe?  I really just wanted to put a debian based O/S on the EMMC...

It just sits there now with BOTH blue and white LED on (constantly, on).

Only ever shows up in lsusb as "i.MX 6ULL SystemOnChip in RecoveryMode".

Bus 002 Device 009: ID 15a2:0080 Freescale Semiconductor, Inc. i.MX 6ULL SystemOnChip in RecoveryMode
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x15a2 Freescale Semiconductor, Inc.
  idProduct          0x0080 i.MX 6ULL SystemOnChip in RecoveryMode
  bcdDevice            0.01
  iManufacturer           1 Freescale SemiConductor Inc
  iProduct                2 SP Blank 6ULL
  iSerial                 0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x0022
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          4 Freescale Flash
    bmAttributes         0xc0
      Self Powered
    MaxPower               10mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      0
      bInterfaceProtocol      0
      iInterface              5 Freescale Flash
        HID Device Descriptor:
          bLength                 9
          bDescriptorType        33
          bcdHID               1.10
          bCountryCode            0 Not supported
          bNumDescriptors         1
          bDescriptorType        34 Report
          wDescriptorLength      76
         Report Descriptors:
           ** UNAVAILABLE **
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               1
Device Qualifier (for other device speed):
  bLength                10
  bDescriptorType         6
  bcdUSB               2.00
  bDeviceClass            0
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  bNumConfigurations      1
cannot read device status, Resource temporarily unavailable (11)



I've hooked up the SDC serial thing in UART mode - but I never see a new tty device popup in Linux, so I don't know how to debug with UART if I don't have a tty serial device...

The documentation only mentions this : 

Fallback

The boot process falls back to other boot modes, in case the attempted boot fails to find valid instructions.

  • eMMC boot mode:

    1. Try eMMC
    2. Fall back to microSD
    3. Fall back to USB SDP mode
  • microSD boot mode:

    1. Try microSD
    2. Fall back to USB SDP mode

But it never seems to do ANY of those no matter which position the boot select toggle is in...

I can read the SD-Card that it was booting from before.  Is there something I can put on there to allow it to "secure boot" - or do I have a miniature brick now?

Any help would be much appreciated...

Andrea Barisani

Jul 3, 2023, 9:39:31 AM
to USB armory
The recovery mode is not meant to be used as UART, but rather with SDP (Serial Download Protocol) loading tools. The mode you are showing matches the recovery (or SDP mode) of the board.



I hope this helps.
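
The fallback list quoted in the first post and the SDP identification in the reply above can be combined into a quick check: given the boot switch position and `lsusb` output, report which boot sources were tried before the board dropped to SDP. This is an added example, not code from the thread or from the USB armory project; the function names are hypothetical, and the second sample line is constructed.

```shell
#!/bin/sh
# Added example, not from the thread or the USB armory project.
# VID:PID shown by lsusb in the post for the board in recovery (SDP) mode.
SDP_ID="15a2:0080"

# Succeeds if `lsusb` text on stdin lists the SDP recovery device.
sdp_present() {
    grep -Eiq "ID[[:space:]]+${SDP_ID}([[:space:]]|\$)"
}

# Boot sources tried, in order, before USB SDP for each switch position
# (the fallback list quoted from the documentation in the first post).
sources_before_sdp() {
    case "$1" in
        emmc)    echo "eMMC, microSD" ;;
        microsd) echo "microSD" ;;
        *)       return 2 ;;
    esac
}

# diagnose MODE   (lsusb text on stdin; MODE is the switch position: emmc|microsd)
diagnose() {
    tried=$(sources_before_sdp "$1") || { echo "unknown boot mode: $1"; return 2; }
    if sdp_present; then
        echo "SDP mode: no valid boot instructions found on: $tried"
    else
        echo "no SDP device: board is not in recovery mode or is not enumerating"
    fi
}

# Constructed sample: first line copied from the post, second line made up.
SAMPLE='Bus 002 Device 009: ID 15a2:0080 Freescale Semiconductor, Inc. i.MX 6ULL SystemOnChip in RecoveryMode
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'

printf '%s\n' "$SAMPLE" | diagnose emmc
printf '%s\n' "$SAMPLE" | diagnose microsd
# On a live host: lsusb | diagnose emmc
```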

Daniel Tripp

Jul 3, 2023, 9:43:07 PM
to USB armory
Hi Andrea,

Thanks for your quick response.

Is there any other way to reset it out of SDP mode?  After running "armory-drive-install -R" : 

████████████████████████████████████████████████████████████████████████████████

                 ***  Armory Drive Programming Utility  ***
                 ***           READ CAREFULLY           ***

This will provision F-Secure signed Armory Drive firmware on your USB armory. By
doing so, secure boot will be activated on the USB armory with permanent OTP
fusing of F-Secure public secure boot keys.

Fusing OTP's is an **irreversible** action that permanently fuses values on the
device. This means that your USB armory will be able to only execute F-Secure
signed Armory Drive firmware after programming is completed.

In other words your USB armory will stop acting as a generic purpose device and
will be converted to *exclusive use of F-Secure signed Armory Drive releases*.


I'd rather not do something "irreversible" - at this stage I'd rather just go back to using it as a "generic purpose device" - but it seems that's not possible.

Anyway - none of the other options worked - so I went ahead with "armory-drive-install -R" (even though I didn't want this).

I didn't really want to use the device this way - but I guess I'm stuck with it now, it's that, or a mini-brick for the trash.

I followed the instructions (armory-drive-install -R), the F-Secure device shows up, I press Y, send the path to the mounted F-Secure drive (/media/x/F-Secure) then : 

Creating firmware update archive.
Copying firmware to USB armory in pairing mode at /media/x/F-Secure

Copied 2015766 bytes to /media/x/F-Secure/UPDATE.ZIP

1. Please eject the drive mounted at /media/x/F-Secure to flash the firmware.
2. Wait for the white LED to turn on and then off for the update to complete.
3. Once the update is complete unplug the USB armory and set eMMC boot mode as explained at:
     https://github.com/f-secure-foundry/usbarmory/wiki/Boot-Modes-(Mk-II)


But the white LED doesn't turn on, then off...  Unless I missed it.  I see both lights turn off, then the blue light flashing in pairing mode.  That's it. 

Is there an MX or IMX file with a Linux O/S running that I can flash?  I can't find any IMX files on your github.  There's "armory-drive.imx" in the UPDATE.ZIP file - but that's just what the "-R" creates/writes right?  


sudo armory-boot-usb -i armory-boot.imx
found device 15a2:0080 Freescale SemiConductor Inc  SE Blank 6ULL
parsing armory-boot.imx
loading DCD at 0x00910000 (952 bytes)
loading imx to 0x9000f400 (2182144 bytes)
jumping to 0x9000f400
serial download complete


Where can I get that "armory-boot.imx" file to flash using armory-boot-usb ?  Is there a repository of them somewhere?

I have the binary for armory-boot-usb on my system : 

file armory-boot-usb
armory-boot-usb: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=e0a61b9f2b64ed0dd1d73d193d19499692ea7f1f, for GNU/Linux 3.2.0, stripped


If I can't get past this - I'll just have to write off the usb-armory Mk II as wasted expense and regret at leisure...

Just did it again - the white LED never comes on...  I think I'll just put this expensive device aside and carry on using a Raspberry Pi Zero W or even my Pi Zero 2W...  What's not exactly clear is "Please eject the drive mounted at /media/x/F-Secure to flash the firmware." (I'm going to assume you don't simply mean "pull it out of the USB port") - in my Linux desktop file manager (assume Nautilus on Pop!_OS) I click the "Eject" button next to the mounted volume...  Volume goes away...  No lights go on, or off...  How long should I wait?

I might try this one more time on a MacBook, but ready to throw in the towel - thanks for your assistance anyway.  All I really wanted to do was boot Linux / Debian off the EMMC instead of SD-Card...  I don't have any Windows machine to try this on.

OK - I tried it on my MacBook - I did see the blue flashing pairing light stop flashing, and the white LED come on once, then off...  So per the instructions, I pulled it out then put it back in - same result whether EMMC or SDCard boot mode is selected, powers on with both LED on constantly.  If I leave it in SDCard mode (on the switch) - it doesn't appear in lsusb (I have it installed via brew on the MacBook)...

When in EMMC mode (lsusb) on the MacBook (it's an M1) : 

            SP Blank 6ULL:

              Product ID: 0x0080
              Vendor ID: 0x15a2  (Freescale Semiconductor, Inc.)
              Version: 0.01
              Speed: Up to 480 Mb/s
              Manufacturer: Freescale SemiConductor Inc
              Location ID: 0x00120000 / 6
              Current Available (mA): 500
              Current Required (mA): 10
              Extra Operating Current (mA): 0


Regards,

Dan Tripp

Andrea Barisani

Jul 4, 2023, 2:39:44 AM
to USB armory
The only irreversible step is the one clearly advertised by the Armory Drive installer, this would be the fusing of F-Secure or your own secure boot keys.

If you selected secure boot fusing during Armory Drive install or recovery then this operation would be irreversible.

Otherwise recovery / SDP mode is of course not irreversible and can be selected at will, its logic is described here: https://github.com/usbarmory/usbarmory/wiki/Boot-Modes-(Mk-II)

Armory Boot is not meant to be used standalone in this fashion, I'd advise against using it directly as it's only for custom setups.

Armory Drive is meant to be used with a companion iOS application, without it you will not be able to unlock and see the drive. Please read the Armory Drive wiki to fully understand how its firmware works.

If you are not interested in Armory Drive I'd suggest installing Linux on an SD card (https://github.com/usbarmory/usbarmory-debian-base_image/releases/tag/20230315), to do this you can image the SD card with an external card reader and then put the boot switch to SD card mode. Alternatively you can launch armory-ums to expose the internal storage, or the SD card, as USB drive for imaging: https://github.com/usbarmory/armory-ums

Kind regards
