[ros-users] [Discourse.ros.org] [Next Generation ROS] ROS2 and DDS Security enhancement on arm platforms

David Wang ros.discourse at gmail.com
Mon Jan 15 07:28:48 UTC 2018

Honestly, there is no "absolute" secure. It's just about the cost(complexity) to crack.
For the CLKSCREW issue:
You can see the first step is to crack kernel in which case no secret can be kept for openssl solution.

And this attack is HW design specific.
e.g. The fundamental is that non-secure SW can control the regulators of clock and voltage.
This might not be true for all the platforms. As I know, some designs are using an MCU running in the secure world to access the regulators which are also in the secure world. The Kernel in the non-secure world can't access these regulators directly. It can just send the high-level requests to this secure MCU through Arm-TrustedFirmware. So this MCU is a safeguard to restrict the range of frequencies and voltages that can be configured.
Another example is to use the hardware crypto engine to generate/store the keys and decryption/encryption also happen in HW. In this case, CLKSCREW can't attack it anyway.

[Visit Topic](https://discourse.ros.org/t/ros2-and-dds-security-enhancement-on-arm-platforms/3677/5) or reply to this email to respond.

More information about the ros-users mailing list