ARROW: Security First, Resilient by Design

At VTEM Labs, we have designed ARROW with one principle in mind: security first, while accelerating your operations. In a world where international deployments face the risk of supply chain compromise and even nation-state tampering, resilience must be built in from the start. That is why we are excited to share a major improvement now implemented across all ARROW devices: Secure Boot with custom signing keys, TPM-backed encryption, and BIOS-level protections.
What Secure Boot Is and Why It Matters
Secure Boot is a modern firmware feature that ensures only trusted, digitally signed software can load during startup. Instead of blindly executing whatever sits on the boot device, the firmware checks each component—bootloader, kernel, and critical drivers—against cryptographic signatures.
In ARROW devices, we take this a step further:
- We use custom ARROW signing keys to validate the operating system kernel and boot chain.
- If anything is tampered with, the system refuses to boot.
- Only ARROW-signed code runs, closing the door to bootkits, early-loading rootkits, and malicious bootloaders.
Image: ARROW devices ship with Secure Boot enabled and configured with custom platform keys.
By anchoring trust at the very first instruction, Secure Boot guarantees that ARROW devices always start from a known good state—even if targeted in the supply chain.
TPM: A Hardware Root of Trust
The Trusted Platform Module (TPM) is a dedicated security chip embedded in each ARROW device. It acts as a hardware vault for secrets that resists tampering even if an attacker has physical access.
Here is how we leverage it:
- System integrity verification. The TPM records a measurement of each boot stage in its PCRs. If the measured boot state differs from the expected one, critical keys are withheld.
- OS drive protection. The OS volume is encrypted, with keys released only if integrity checks succeed.
- Dedicated client storage. Each ARROW appliance includes a separate NVMe data drive for client engagement data. This drive is independently managed and bound to the TPM.
Image: Every ARROW device includes a TPM 2.0 chip with SHA256 PCR banks for secure measurement and key storage.
Combined with Secure Boot, the TPM ensures that even with direct hardware access, attackers cannot bypass checks or extract data.
Two-Factor Key Release for the Client Data Drive
To maximize client control, ARROW enforces two-factor protection specifically for the NVMe data drive that stores sensitive engagement data:
- Factor 1. Secure Boot and TPM integrity checks must pass.
- Factor 2. The operator must provide a password set at the beginning of each deployment.
This separation is deliberate. The OS drive boots securely under ARROW protections, while the client data drive requires both system integrity and client authorization to unlock. Without the password, not even VTEM Labs can access the data once the engagement has begun.
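The TPM-gated key release described under "TPM: A Hardware Root of Trust" and the two-factor unlock above, modelled as an added example in pure Python (not ARROW or VTEM Labs code). It simulates SHA-256 PCR extension, sealing a secret to an expected PCR value, and deriving the data-drive key from both the TPM-released secret and the operator passphrase; the boot-chain components, passphrase and header layout are constructed stand-ins, and Secure Boot signature checking itself is not modelled.

```python
import hashlib
import hmac
import os

def pcr_extend(pcr, component):
    # TPM2_PCR_Extend: PCR' = SHA256(PCR || SHA256(component)); order and content both matter
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot_chain(components):
    pcr = bytes(32)  # a SHA-256 PCR bank starts at all zeros at reset
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr

def seal(secret, expected_pcr):
    # Models TPM2_PolicyPCR; a real TPM also keeps `secret` encrypted under its storage root key
    return {"policy": expected_pcr, "secret": secret}

def unseal(sealed, current_pcr):
    # Factor 1: the secret is released only when the live PCR equals the sealing policy
    if not hmac.compare_digest(sealed["policy"], current_pcr):
        return None
    return sealed["secret"]

def derive_data_key(tpm_secret, passphrase, salt):
    # Factor 2: the operator passphrase is mixed in, so neither factor alone yields the key
    pw_key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return hmac.new(tpm_secret, pw_key, hashlib.sha256).digest()

def make_data_header(tpm_secret, passphrase):
    # Run once per deployment; the key digest (as in a LUKS header) lets a wrong passphrase be rejected
    salt = os.urandom(16)
    key = derive_data_key(tpm_secret, passphrase, salt)
    return {"salt": salt, "key_digest": hashlib.sha256(key).digest()}

def unlock_data_drive(sealed, header, booted_components, passphrase):
    tpm_secret = unseal(sealed, measure_boot_chain(booted_components))
    if tpm_secret is None:
        return None  # integrity check failed: the TPM withholds the secret
    key = derive_data_key(tpm_secret, passphrase, header["salt"])
    if not hmac.compare_digest(hashlib.sha256(key).digest(), header["key_digest"]):
        return None  # integrity passed but the operator passphrase is wrong
    return key

# Constructed sample chain (stand-ins for firmware, bootloader, kernel, initrd) and per-deployment setup
GOOD_CHAIN = [b"firmware-v1", b"arrow-signed-bootloader", b"arrow-signed-kernel", b"initrd"]
TAMPERED_CHAIN = [b"firmware-v1", b"evil-bootloader", b"arrow-signed-kernel", b"initrd"]
TPM_SECRET = os.urandom(32)
SEALED = seal(TPM_SECRET, measure_boot_chain(GOOD_CHAIN))
HEADER = make_data_header(TPM_SECRET, "correct horse battery staple")
```

Swapping any component, or reordering the chain, changes the final PCR value and the TPM withholds the secret before the passphrase is even consulted.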
Locking Down the BIOS
To prevent tampering below the operating system, every ARROW device ships with:
- A unique, randomly generated BIOS password that prevents unauthorized changes.
- Protection against disabling Secure Boot or altering boot order.
- Tamper auditing that detects attempted interference.
This ensures the entire boot chain—from firmware through operating system—remains hardened.
Protecting Data in Transit and On Site
These measures directly protect ARROW clients in real-world scenarios:
- In transit. If a device is intercepted during shipping, attackers cannot alter firmware or extract the NVMe data drive. Without the client’s password, data stays locked.
- On site. If someone attempts tampering by probing hardware, swapping drives, or rebooting, the combination of Secure Boot, TPM, BIOS locks, and two-factor encryption blocks unauthorized access.
In both cases, the client maintains control of their data from start to finish.
Resilience Against Supply Chain and Nation-State Tampering
International deployments demand more than everyday hardening. They must withstand sophisticated adversaries with the resources to intercept, alter, or implant malicious code at any stage. ARROW is built for this level of threat.
- Defense from fabrication to delivery. Secure Boot with ARROW’s custom signing keys ensures no unauthorized firmware or boot components can ever load, even if the hardware was intercepted before reaching the client.
- Tamper detection in transit. BIOS protections and TPM measurements make any attempt to disable protections or alter boot order immediately visible and ineffective.
- Client-controlled access. The client password on the NVMe data drive guarantees that engagement data cannot be exfiltrated—even by advanced actors—without explicit authorization.
This layered approach means ARROW remains trustworthy not only in daily use, but also when operating across borders and under the most aggressive threat models.
How ARROW Differs From Other Deployments
Many penetration testing, IT management, and security teams rely on ad hoc setups that combine off-the-shelf hardware, generic encryption, and the assumption that no one tampers along the way. These approaches often skip key protections, leaving exploitable gaps.
ARROW takes a different path. By combining Secure Boot, TPM-backed encryption, BIOS hardening, and client-controlled two-factor access to the dedicated NVMe data drive, ARROW devices are secured throughout their entire lifecycle—from assembly, to transit, to client site, and even upon return.
The result is a platform that is resilient to supply chain compromise, hardened against nation-state interference, and more secure than most DIY or corporate solutions.
What This Means for Our Clients
For ARROW users, this layered approach delivers:
- Tamper-proof booting
- Locked BIOS security
- Confidential engagements with data isolated on a separate NVMe drive
- Defense in depth through multiple layers of hardware and software protection
- Assurance against supply chain compromise and nation-state tampering
With these improvements, ARROW devices are not just plug-and-play for remote testing. They are hardened security appliances designed to protect your most sensitive engagements anywhere in the world.
See ARROW in Action
Experience the difference of a hardened platform built for international deployments and high-trust engagements. Schedule a demo today and see how ARROW can accelerate penetration testing, IT management, and Incident Response operations while keeping security first.