Skip to main content

Highly secure home office


The ECOS SecureBootStick SX provides highly secure remote-access to a terminal server or virtual desktop infrastructure as well as to web applications in a secure and encapsulated environment.

Download brochure      Contact us

How the Secure Boot Stick SX works

When connected to a USB port, the PC or Mac boots the specially hardened ECOS Secure Linux operating system on the stick.

The internal hard drive stays disconnected, so potential malware on the computer cannot be activated at all. This ensures a 100% separation between professional and private use of the PC.

The boot stick provides all required firmware and applications. This allows the use of private or third-party devices, with BSI approval.

Totally easy while highly secure to use!

  Connect boot stick to PC or Mac and power on
  ECOS Secure Linux starts automatically. The local hard disk is deactivated.
  Enter your PIN, connect to your working environment
  Log in & go!

10 good reasons to get the ECOS SecureBootStick SX

Protected and encapsulated working environment

100% separation professional/private use

All software on the stick

Strong multi-factor authentication via smartcard

Integrated firewall

Central management & remote update

Fast roll-out, even for large quantities

Data safe for document storage

Low investment costs

BSI approval for VS-NfD

More products of the Secure Boot Stick family:

Produkt Nahaufnahme des Secure Boot Stick FX

Secure Boot Stick FX

  Hardened ECOS Secure Linux OS

  All software on one stick

  2-factor authentication w/
     software certificates

  Integrated firewall

  Central management

  Hardware-encrypted security

  2-factor authentication w/
     hardware anchor

  Multi-factor authentication w/

  Keypad for PIN entry

  Data safe for encrypted file storage

Produkt Nahaufnahme des Secure Boot Stick GX

Secure Boot Stick GX

  Hardened ECOS Secure Linux OS

  All software on one stick

  2-factor authentication w/
     software certificates

  Integrated firewall

  Central management

  Hardware-encrypted security

  2-factor authentication w/
     hardware anchor

  Multi-factor authentication w/
     integrated smartcard

  Keypad for PIN entry

  Data safe for encrypted file storage

  Authentication w/ PKI/ID-1 cards

Produkt Nahaufnahme des Secure Boot Stick GX

Secure Boot Stick ZX

  BSI-approved for VS-NfD

  Highly secure VS-NfD access w/
     genua genuscreen

  Sealed stick environment

  Extra hardened ECOS Secure Linux

  Multi-factor authentication w/

  Keypad for PIN entry

  Central management and remote

  Multi-factor authentication via card
     slot for PKI and ID-1 service cards

  Compatible with Bundeswehr
     military card

Technichal data of the Secure Boot Stick SX

BSI approval

  • Approved for processing data with classification level VS-NfD, NATO RESTRICTED, EU RESTRICTED


  • RDP Client, Citrix Workspace app (formerly Citrix Receiver), VMware Horizon via RDP, PCoIP, BLAST, Firefox, Chromium, VPN Client for IPsec
  • Citrix HDX RealTime Media Engine to optimize audio and video transmission for Skype for Business and Microsoft Teams
  • Microsoft RemoteFX for optimizing the audio quality with RDP

Supported destination systems

  • Microsoft RDSH, WTS 2000 and later, RDS, RD sharing, Citrix Virtual Apps & Desktops, VMware Horizon or web server


  • Connection to genua genuscreen by IPsec within a BSI-approved environment


  • Profiles for access to different applications/servers on user, group or role level
  • Use of local resources after release (external USB storage devices, local printers)
  • Rights assignment for external devices bound to manufacturer ID or serial number of the device
  • Remote update of all applications and firmware


  • Integrated smartcard reader for cards in ID-000 format
  • Drivers for all popular 64-bit PCs, Macs and tablets with x86 architecture
  • UEFI Secure Boot support
  • Keyboard drivers for more than 90 languages and countries
  • Multi-monitor support
  • Connection by LAN, WLAN, UMTS, LTE incl. browser for login to hotspot
  • Software in German and English (pre-configurable)

Data safe

  • 1 GB, usable for storing documents (not for VS-NfD), (larger storage capacities on request)
  • Hardware encryption with AES-256, secured by smartcard plus PIN
  • Installation-free use as USB drive in Windows, Linux and macOS

Additional features

  • Signing, encryption or Windows smartcard logon with PC/SC forwarding
  • Forwarding of external USB and LAN devices, e.g. for the connection of an IP telephone
  • Automatic reconnection after disconnection or connection change

Multi-factor authentication

  • Software certificate, tied to stick’s hardware ID and smartcard
  • Integrated numeric keypad for PIN entry on the stick


  • Write-protected and signed partitions for bootloader and kernel
  • Encryption by hardware of all security-relevant partitions
  • Signed read-only partition for firmware and applications
  • Writeable partition for storage of user parameters
  • Hardened ECOS Secure Linux operating system
  • Digitally signed bootloader, firmware and applications validated in chain of trust
  • All processes secured by smartcard, e.g. Easy Enrollment, sign-in to gateway, stick update
  • Integrated firewall protecting against attacks over the same network and blocking ping requests
  • Encryption of RAM content except for the executable program code
  • VM start detection prevents use in virtual environment
  • Fingerprinting of the guest computer incl. peripherals
  • Instant logout on stick disconnection
  • Secured updating process for firmware and applications with verification of integrity and correct update server

Connection, dimensions and scope of delivery

  • USB-A | C | micro - 28 x 85 x 13 mm – 68 g
  • ECOS SecureBootStick SX and carrying strap, 2 connection cables for USB A and C


Are you interested in the ECOS SecureBootStick SX? Do you have questions?

We are looking forward to your message!