- Intro / requirements
- Packet forwarding setup
- Installing Lightning Charge
nanoposfor a point-of-sale solution
The Inverse Path USB Armory is a unique device among the now-popularized SoC-powered category of hardware, which includes the Raspberry Pi and the Rock64. Like the other systems, it is relatively underpowered in terms of computing ability. However, its uniqueness comes from its compact form factor and its components. The Armory requires no power adapter or wall socket; it only needs a USB port to plug into to function. The Armory powers itself via USB and also communicates to its host device in the same manner — via an emulated Ethernet connection. The Armory utilizes the NXP i.MX53 ARM® Cortex™-A8 processor running at 800 Mhz. It also includes 512 MB of DDR3 RAM and a microSD card slot for storage.
“The USB armory board has been created by Inverse Path to support the development of a variety of security applications. The capability of emulating arbitrary USB devices in combination with the i.MX53 SoC speed, the security features and the flexible and fully customizable operating environment, makes the USB armory the ideal platform for all kinds of personal security applications. The transparency of the open and minimal design for the USB armory hardware facilitates auditability and greatly limits the potentiality and scope of supply chain attacks.” From: https://inversepath.com/usbarmory
A good use case that takes advantage of the form factor, the power-over-USB, and the emulated Ethernet-over-USB is a portable Bitcoin Lightning wallet. With this configuration, users can setup a device that runs
c-lightning and stores their private keys on a portable platform that is easily plugged into existing hardware such as Raspberry Pis that run
bitcoind. Also, another scenario is if a user has a laptop they run a full node on. The Armory can simply be plugged in and the user can then transact over the Lightning Network and run Lightning-powered applications (LApps). Another use case for this setup is for adding processing power to an underpowered device such an older laptop or Raspberry Pi. This way, the Armory acts as a sort of co-processor for Lightning!
- An Inverse Path USB Armory
- microSD card of 4GB or greater capacity with the official Debian base image installed
- A USB host device (laptop, workstation, or RPi-like)
bitcoindrunning on your LAN, or elsewhere with access credentials for RPC
Preparing the Armory for installation:
All that is needed for
lightningd to communicate with a remote
bitcoin-cli, which drastically reduces the time needed to build on the Armory. Cross-compiliation is possible, but that is out of the scope of this guide. In order to build only
bitcoin-cli, the Bitcoin code needs to be pulled from its Github repository. But before that can be done, packet forwarding must be enabled on the host device (the device the Armory is plugged into).
The Armory (if using the official Debian base image), when plugged in and booted, creates a virtual interface that emulates an Ethernet connection. Once configured, the Armory and its USB host can communicate with each other as if they were on the same LAN (since they technically are). It is up to the USB host to allow the Armory’s packets to be forwarded or not, which if allowed enables the Armory to open Lightning Network channels with other nodes outside of the local network. Packet forwarding is also required to install build tools and dependencies.
Windows: Instructions for enabling packet forwarding (also known as Connection Sharing) for Windows 7, 8, and 10 can be found here.
MacOS: MacOS instructions can be found here.
Linux: Note: On Ubuntu 16.04, the Network Manager did not interfere. Other distributions’ configurations might, however. From the Linux instructions:
Enable masquerading for outgoing connections:
# iptables -t nat -A POSTROUTING -s 10.0.0.2/32 -o wlan0 -j MASQUERADE
Enable IP forwarding:
# echo 1 > /proc/sys/net/ipv4/ip_forward
Plug in the Armory, and notice the blinking white LED. This means the Armory is running. The “heartbeat” LED blinks more quickly as the Armory is being utilized.
ssh into your Armory with the Debian base image’s default credentials (user and password are both usbarmory)
$ ssh firstname.lastname@example.org
Ping a public address to see if your Armory is routed correctly:
$ ping 22.214.171.124
If successful, you will receive replies:
PING 126.96.36.199 (188.8.131.52) 56(84) bytes of data. 64 bytes from 184.108.40.206: icmp_seq=1 ttl=60 time=46.3 ms 64 bytes from 220.127.116.11: icmp_seq=2 ttl=60 time=48.0 ms 64 bytes from 18.104.22.168: icmp_seq=3 ttl=60 time=48.1 ms 64 bytes from 22.214.171.124: icmp_seq=4 ttl=60 time=71.5 ms
$ sudo apt update && sudo apt -y upgrade
Once that is finished, reboot the Armory for good measure in case there is a kernel update:
$ sudo reboot
Now, begin installing the build tools and dependencies needed to compile
$ sudo apt-get install -y \ autoconf automake build-essential git libtool libgmp-dev \ libsqlite3-dev python python3 net-tools libsodium-dev \ pkg-config libssl-dev libevent-dev \ libboost-system-dev libboost-filesystem-dev \ libboost-chrono-dev libboost-program-options-dev \ libboost-test-dev libboost-thread-dev tmux curl
$ git clone https://github.com/ElementsProject/lightning.git
Navigate to the local repository:
$ cd lightning
Then start the build:
Once that is finished, navigate to the usbarmory user’s home directory:
$ cd ~/
Download the Bitcoin Core 0.16.0 source code archive, SHA256SUMS.asc, and import the Core maintainer’s gpg key to verify the hashes. Finally, decompress the archive:
$ wget https://bitcoincore.org/bin/bitcoin-core-0.16.0/bitcoin-0.16.0.tar.gz $ wget https://bitcoincore.org/bin/bitcoin-core-0.16.0/SHA256SUMS.asc $ gpg --recv-key 90C8019E36C2E964 $ gpg --verify SHA256SUMS.asc $ sha256sum -c --ignore-missing SHA256SUMS.asc # should output an "OK" $ tar zxvf bitcoin-0.16.0.tar.gz
Now, on to building
Navigate to the Bitcoin source code directory and start the build process:
$ cd bitcoin-0.16.0/
autogen.sh, a flood of warning messages about locales may occur. This can be remedied by setting a locale:
$ sudo dpkg-reconfigure locales
# Select something like en_US.UTF-8 and hit Ok
Continuing the build process:
$ CFLAGS="-march=native" ./configure --disable-wallet
-march=native tells our compiler,
gcc, to auto-detect the Armory’s processor and enable optimizations specific to that processor. It helps squeeze out any increases in performance the ARM processor has, which is important because this processor is relatively slow.
bitcoind is not being built, so
libdb is not needed. Pass
--disable-wallet to build without wallet support (
c-lightning will be the wallet in this configuration).
$ make src/bitcoin-cli
Finally, copy the freshly built
bitcoin-cli binary to
$ sudo cp src/bitcoin-cli /usr/local/bin $ whereis bitcoin-cli # Should return "/usr/local/bin/bitcoin-cli"
Connecting the Armory to bitcoind via RPC:
bitcoin-cli to send raw transactions to
bitcoind for various reasons such as opening, force-closing, or mutually-closing channels. Since
c-lightning is running on the Armory, it requires
bitcoin-cli as well. However,
bitcoin-cli needs to be able to communicate to
bitcoind, so create and add appropriate items to the Armory’s, and the USB host’s,
On the USB host, or the device elsewhere that has
bitcoind running, specify the following items in
rpcuser= your_username rpcpassword= yourpasswordnotthisone rpcallowip= the Armory's IP address
Save those changes, then create the Armory’s
bitcoin.conf and add the following items:
$ nano ~/.bitcoin/bitcoin.conf
rpcuser= username from before rpcpassword= password from before rpcconnect= USB hosts's IP (10.0.0.2)
Substitute 10.0.0.2 for the IP address
bitcoind may be listening on (eg. 192.168.0.254).
Attempt to query
bitcoind from the Armory:
$ bitcoin-cli -getinfo
If successful, a response will be returned with the relevant information (block height, difficulty, etc.) Awesome!
Now that everything is built, configured, and networked correctly,
c-lightning can be run.
tmux session and then start
$ tmux $ ./lightning/lightningd/lightningd --network testnet --log-level debug $ ./lightning/cli/lightning-cli getinfo
--network bitcoin instead, if you’re #reckless.
lightningd starts outputting “Adding block number” , and
lightning-cli getinfo returns the current block height (among other information), the Armory is successfully setup!
lightning-cli may now be used to generate new addresses for depositing/withdrawing bitcoin, and to open/close Lightning Network channels!
LApps are Lightning-powered applications that utilize the instant payments that the Lightning Network provides. Recently released LApps include those listed here on Blockstream’s blog.
To run these LApps, Lightning Charge needs to be installed on the Armory.
Lightning Charge requires
nodejs. Install them now:
$ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - $ sudo apt-get install -y nodejs
Permissions errors might occur due to the nodesource.com-provided nodejs package. To work around this, do the following:
$ mkdir ~/.npm-global $ npm config set prefix '~/.npm-global'
Add the following to ~/.profile:
$ export PATH=~/.npm-global/bin:$PATH
$ source ~/.profile
Then simply use npm to install Lightning Charge, and run
$ npm install -g lightning-charge $ charged --api-token <a secret token>
charged will then be running on the default port of 9112!
Installing the nanopos LApp to turn your Lightning module into a micro point-of-sale solution:
nanopos is easily installed with
$ npm install -g nanopos
items.yaml file with the products for sale, specify a currency with –currency , and then run nanopos :
$ nanopos -t <charge API token> --items-path items.yaml --currency USD
The title of the rendered page can be changed with
--title, and there are an assortment of themes available at bootswatch.com that can be chosen with
charged, and the
nanopos LApp are all running on the portable Armory!
Once done transacting, simply shutdown the Armory and unplug it in order to store it for transporting. When ready to transact again, plug it back in,
ssh in, and fire up
c-lightning again. This can be configured to use a
bitcoind running on a VPS or similar public-facing hosting service to further increase portability (only the Armory is needed versus an accompanying workstation/laptop/host with
The Armory can also run in “standalone mode,” which requires no USB host for connectivity or power (it is still powered via USB, however). This enables other cool use cases like a much more portable battery-powered and WiFi-enabled configuration!
Thanks for reading!