Security & Storage
Media and Data Protection
The USBridge storage security architecture is predicated on strict hardware data isolation, immutable Btrfs snapshots, and open file-system standards.
Supported Storage Media
Currently, industrial-grade or surveillance-grade SD cards are required as the primary storage medium. These classes of media are specifically engineered to reliably handle the transactional workloads generated by Copy-on-Write (CoW) algorithms.
Native support for external USB flash drives and solid-state drives (SSDs) connected via the USB-C interface is actively in development and will be deployed in an upcoming firmware release.
Security and Storage Format
The appliance combines strict hardware-level isolation with open-source file-system semantics to guarantee data integrity against logical compromise.
| Security Vector | Architectural Implementation |
|---|---|
| Offline Operation | The snapshot engine operates completely offline. Creation, auditing, and management are executed locally via the appliance hardware, eliminating network-based attack surfaces. |
| Ransomware Resistance | Snapshots are structurally immutable and read-only. Malicious encryption or mass deletion attempts on the active host volume merely generate a new delta state, leaving prior historical blocks entirely intact. |
| Open Standards (No Lock-in) | Data is written using standard Btrfs without proprietary hardware wrappers. The storage medium can be physically extracted and natively mounted on any Linux workstation for emergency bare-metal recovery. |
Capacity Management Policy
To guarantee the structural integrity of historical data, the appliance enforces a strict, deterministic capacity policy.
When physical storage space is exhausted, the system automatically halts the generation of new snapshots. The architecture intentionally omits automatic block deletion or snapshot rotation algorithms to prevent the accidental purging of critical recovery states.
To reclaim storage capacity, administrators must physically detach the storage medium and manually manage the Btrfs subvolumes on an external Linux workstation outside of the USBridge environment.