# Generated from FAQ arrays in src/pages/TrustedOS.tsx and src/pages/SatLink.tsx.
# When those arrays change, regenerate this file.

# CYSEC

> CYSEC is a European cybersecurity company building sovereign products for satellites, space infrastructure, and trusted ground compute. Its product line, ARCA Trusted OS, ARCA SATLINK, and ARCA SATCOM, secures workloads end to end across ground segment and space segment.

## Products

### ARCA Trusted OS

URL: https://www.cysec.com/arca-trusted-os

Hardened Linux based operating system for confidential virtual machines on AMD SEV-SNP and Intel TDX. Includes the self hosted ARCA Verification Manager for remote attestation and full disk encryption key management. No SaaS, no third party keys.

#### FAQ

### Q: What is confidential computing?
Confidential computing uses hardware-isolated trusted execution environments (TEEs) to protect data and code while they are being processed. Unlike encryption at rest or in transit, TEEs ensure that even the hypervisor, cloud provider, or OS administrator cannot read the memory of the running workload.

### Q: What is ARCA Trusted OS?
ARCA Trusted OS is a Linux-based, hardened operating system developed by CYSEC for deploying confidential virtual machines. It is purpose-built for AMD SEV-SNP trusted execution environments and includes only the components necessary to run your workloads, minimizing attack surface.

### Q: What is the ARCA Verification Manager?
The ARCA Verification Manager is a self-hosted component that manages the attested launch of confidential virtual machines, stores disk encryption keys, and monitors the state of your VM cluster in real time. It runs on your own infrastructure. No SaaS or cloud dependency.

### Q: What is attestation?
Remote attestation is a cryptographic procedure that verifies the integrity of a virtual machine's environment before allowing it to start. The ARCA Verification Manager uses AMD SEV-SNP hardware proofs to confirm that the OS, bootloader, and execution environment have not been tampered with.

### Q: How does ARCA Trusted OS protect my data in use, at rest, and in transit?
In use: your workload runs inside an AMD SEV-SNP trusted execution environment, where memory is encrypted at the hardware level. At rest: ARCA Verification Manager manages full-disk encryption keys, released only after a successful attestation. In transit: cryptographic key materials are protected by the Verification Manager.

### Q: What hyperscalers and on-premises hypervisors are supported?
Cloud: Microsoft Azure (Confidential Compute). On-premises: Broadcom vSphere v9 (VMware Cloud Foundation 9.0) and Proxmox (with CYSEC-added attestation support not present in stock Proxmox).

### Q: What are the hardware requirements?
ARCA Trusted OS requires servers with AMD EPYC processors that support AMD SEV-SNP (Secure Encrypted Virtualization – Secure Nested Paging). This is available on AMD EPYC 3rd generation (Milan) and newer.

### Q: Does ARCA Trusted OS introduce performance downgrades?
AMD SEV-SNP introduces a minimal performance overhead, typically below 5% for most workloads. The specific impact depends on the workload type.

### Q: Can I run my existing application on ARCA Trusted OS?
Yes. ARCA Trusted OS is a Linux-based OS and supports containerized workloads (Docker, Kubernetes). You can run your application inside a confidential virtual machine without modifying the application itself.

### Q: Where are the disk encryption keys stored?
Disk encryption keys are managed by the self-hosted ARCA Verification Manager, which runs on your own premises. Optionally, keys can be backed by a hardware security module (HSM) for FIPS 140-2 compliance.

### Q: Is ARCA Trusted OS Kubernetes-compatible?
Yes. ARCA Trusted OS instances can be seamlessly integrated into a Kubernetes cluster, enabling critical pod workloads to run inside confidential virtual machines.

### ARCA SATLINK

URL: https://www.cysec.com/arca-satlink

First commercial implementation of the CCSDS Space Data Link Security (SDLS) protocol. Encryption, authentication, OTAR key management, replay attack prevention, and link monitoring for telemetry and telecommand on ground and on board. Validated in orbit on ESA OPS-SAT in October 2023.

#### FAQ

### Q: Why should I secure my satellite data links?
Orbital systems are operated remotely by nature. The data link exposes both physical and digital assets to adversaries: interception, spoofing, and hostile command injection are real threats. Compliance with national and international regulations is increasingly mandatory.

### Q: What is ARCA SATLINK exactly?
ARCA SATLINK is the first commercial implementation of the CCSDS Space Data Link Security (SDLS) protocol. It provides encryption, authentication, key management, and link monitoring for satellite communications, deployable on both ground systems and on-board spacecraft.

### Q: What are the on-board resource requirements?
The SATLINK library binary is 230 KB. RAM usage must not exceed 50 KB and NVM must not exceed 100 KB. CPU budget is 1–2% under peak load. The exact footprint depends on the number of keys, channels, and Security Associations configured.

### Q: How much overhead does it add per frame?
ARCA SATLINK adds only 30 bytes per frame (the security header and MAC). This has minimal impact on downlink bandwidth or latency.

### Q: Is ARCA SATLINK compatible with real-time OS?
Yes. ARCA SATLINK is fully compatible with real-time operating systems, supporting safety-critical on-board deployments. It uses only static memory allocation with no dynamic allocation that would introduce non-deterministic behaviour.

### Q: Has ARCA SATLINK been validated in orbit?
Yes. ARCA SATLINK completed an In-Orbit Demonstration on ESA's OPS-SAT in October 2023, processing over 2 million TC and TM frames with a 100% success rate. It demonstrated replay attack prevention and live tamper detection.

### Q: What is the maximum throughput with FPGA?
With FPGA acceleration, ARCA SATLINK reaches up to 10 Gbps. The solution has been developed and tested on the Xilinx Zynq 7000 SoC family and can be adapted to other FPGA architectures.

### Q: Is ARCA SATLINK interoperable with other SDLS implementations?
Yes. Since ARCA SATLINK is based on the CCSDS Blue Books, space agencies have already validated interoperability between independent SDLS implementations following the same standards. Interoperability is inherent to the approach.

### Q: Does ARCA SATLINK support post-quantum cryptography?
Yes. ARCA SATLINK includes post-quantum cryptography support. Its modular architecture can also integrate any cryptographic library, including military-grade algorithms.

### Q: Can one instance of ARCA SATLINK operate a full constellation?
Yes. A single instance of ARCA SATLINK can manage all the links required to operate a full satellite constellation, including inter-satellite links and multiple ground-to-spacecraft links.

### Q: Can ARCA SATLINK integrate military algorithms?
Yes. ARCA SATLINK's modular architecture can integrate any cryptographic library, including military-grade and classified algorithms, through its configurable backend interface.

### Q: Is ARCA SATLINK certified?
ARCA SATLINK is undergoing security certification. It can integrate FIPS-certified cryptographic libraries (such as WolfSSL) on board, and can leverage FIPS-certified HSMs for key generation and storage on the ground.

### Q: How does ARCA SATLINK compare to open-source solutions?
Unlike open-source libraries, ARCA SATLINK uses static memory allocation only, critical for operational satellites where dynamic allocation introduces memory leaks and non-deterministic execution. It includes SDLS-EP, FPGA acceleration, and is maintained long-term.

### Q: How complex is the integration?
Integration is designed to be minimal. ARCA SATLINK is provided with detailed documentation and example integration code. Existing ground systems and flight software can remain unchanged, with SDLS added as a security layer around the existing communication stack.

### ARCA SATCOM

URL: https://www.cysec.com/arca-satcom

Secure satellite communications stack for ground segment and on board deployments, complementing ARCA SATLINK at the application and operations layers.

## Company

- About CYSEC: https://www.cysec.com/about
- CYSEC Labs: https://www.cysec.com/cysec-labs
- Partners: https://www.cysec.com/partners
- News: https://www.cysec.com/news
- Careers: https://www.cysec.com/careers
- Contact: https://www.cysec.com/contact

## Key Technical Facts

- ARCA Trusted OS supports AMD SEV-SNP (EPYC Milan and newer) and Intel TDX.
- Self hosted ARCA Verification Manager handles remote attestation and disk encryption key release.
- Platforms: Microsoft Azure Confidential Compute, Broadcom vSphere v9 (VCF 9.0), Proxmox with CYSEC attestation support.
- ARCA SATLINK: 230 KB binary, under 50 KB RAM, under 100 KB NVM, 1 to 2% CPU at peak, 30 byte per frame overhead, up to 10 Gbps with FPGA.
- CCSDS protocols supported: TM, TC, AOS, USLP, plus SDLS-EP.

## Standards & Compliance

- CCSDS Space Data Link Security (SDLS) Blue Book.
- Post quantum cryptography ready.
- FIPS 140-2 compatible via integrated HSMs and FIPS certified libraries.
- Aligned with French Space Law, NIS2, the Cyber Resilience Act, and the upcoming EU Space Act.