Wow, I never considered a power attack from software of an untrusted OS. Ring -1 and SGX and the like lead to some very harsh security environments for modern processors. IMO if you want cryptographic security, you should probably use an external component that you control, but that isn't always possible and is never the cheaper option.