Two models of SPYRUS Linux2Go drives are available: the Secure Portable Workplace™ (SPW) and the WorkSafe™ Pro
(WSP). Both models combine Secured by SPYRUS™ encryption and security technologies with a USB 3.0 drive. The WSP drive also provides fully integrated PKI “smart card” support from the embedded Rosetta® Micro FIPS 140-2 Level 3 certified EAL5+ security controller when used with the SPYRUS PKCS#11 software.
A summary of the SPYRUS Linux2Go Drives available and their features is show below for Secure Portable Workplace and the WorkSafe Pro:
| ||XTS-AES 256|
|Built in PKI|
|Secure Portable Workplace||
Linux2Go Drive Level Security Features
Secure Boot – The Linux2Go drives defend the integrity of the operating environment throughout the boot process of each profile, even when the drive is booted on compromised systems. Numerous health checks validate the integrity and detect tampering of the hardware and firmware of the drive, as well as the SPYRUS ToughBoot™ loader and the Windows bootloader, prior to booting the OS. The SPYRUS ToughBoot loader is signed and meets all UEFI Secure Boot criteria allowing an additional integrity check during the boot process. This is done to prevent malware infections from corrupting the boot sequence.
Hardware Read-Only on Boot Compartment – To add additional protection to the boot environment of the Linux2Go drives, the entire Boot Compartment can be protected by placing it in a hardware enforced read only mode. This will block changes that are attempted to be made on the boot component of the drive. In addition, until successful user authentication, none of the encrypted memory on the drive can be accessed. This way, when the drive is “At Rest” only the read only boot compartment is exposed to possible cyber-attack.
Hardware Read-Only on Encrypted Profiles – All Linux2Go drives can be configured so that the hardware encrypted operational compartments can be additionally protected by placing it in a hardware enforced read only mode. This will block changes that are attempted to be made on the boot component of the drive or encrypted profiles. In addition, until successful user authentication, none of the encrypted memory on the drive can be accessed.
This way, when the drive is “At Rest” both the read only boot compartment and the encrypted operating compartment are safeguarded from possible cyberattack. A read only mode device is ideal for organizations who only want to the user to access corporate networks from a trusted “thin client” and not allowing saving the data locally to the device.
Built-in PKI “Smart Card” – On the WSPversion of the Linux2Go drives the embedded SPYRUS Rosetta “smart card”, along with the SPYRUS PKCS#11 driver, allows enterprises to perform standard smart card security functions such as multi-factor authentication and VPN access, using strong PKI credentials from a FIPS 140-2 Level 3 certified hardware security module.