I think people who are expecting voltage glitching attacks to be viable (especially anywhere in the immediate future) are delusional, honestly.
The Switch 2's BPMP may or may not have DCLS, but let's assume for purpose of argument that it doesn't.
Anybody talking about voltage glitching just has not studied the boot flow:
https://docs.nvidia.com/jetson/arch...R/BootArchitecture/JetsonAgxOrinBootFlow.html
Conventional glitching attacks on NX (and Mariko) pwn the BPMP, by making it accept a different public key. So, okay, let's say you replicate that attack verbatim, magically.
You've now pwned the BPMP. This gets you *nothing* on Switch 2, because all the BPMP does is handover to the PSC ("Platform Security Controller"), a custom NV-RISCV chip responsible for all actual cryptographic stuff/security on the platform.
You can't start the ccplex. You can't get any keys to decrypt anything. You could dump the bootrom, if you do a double glitch, probably. But that doesn't help you in any capacity, because unlike on NX, on the Switch 2 the whole chain of trust is designed around an insecure BPMP that happens to be secured anyway.
You can think of it as like when they added TSEC in 6.2.0 on the Switch, except this is baked in from the get-go, and NV-RISCV is likely actually secure (they claim formal verification, and I'm skeptical, but I still think it won't have the basic tsec problems). And you have to glitch to even get to that point.
So...yeah. I would tell people not to get their hopes up. You would need to glitch the PSC (completely blindly glitching a custom-architecture processor that NVidia gave hardware conference talks on how they designed to be anti-glitching?) or the ccplex (doesn't get you keys, everything you do there is potentially patchable by a firmware update?).
It's not like Mariko was for the Switch; it's a whole new game.