Honestly, there is no "absolute" secure. It's just about the cost(complexity) to crack. For the CLKSCREW issue: You can see the first step is to crack kernel in which case no secret can be kept for openssl solution. And this attack is HW design specific. e.g. The fundamental is that non-secure SW can control the regulators of clock and voltage. This might not be true for all the platforms. As I know, some designs are using an MCU running in the secure world to access the regulators which are also in the secure world. The Kernel in the non-secure world can't access these regulators directly. It can just send the high-level requests to this secure MCU through Arm-TrustedFirmware. So this MCU is a safeguard to restrict the range of frequencies and voltages that can be configured. Another example is to use the hardware crypto engine to generate/store the keys and decryption/encryption also happen in HW. In this case, CLKSCREW can't attack it anyway. --- [Visit Topic](https://discourse.ros.org/t/ros2-and-dds-security-enhancement-on-arm-platforms/3677/5) or reply to this email to respond. If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates. ______________________________________________________________________________ ros-users mailing list ros-users@lists.ros.org http://lists.ros.org/mailman/listinfo/ros-users Unsubscribe: