Intel® Stratix® 10 Hard Processor System Technical Reference Manual

ID 683222
Date 1/25/2024
Public
Document Table of Contents

5.4.6. Security State Determination

There are two concepts of security in the SMMU:

  • A transaction is either secure or non-secure depending on the value of the APROT[1] signal.
  • The stream has an assigned security state determination (SSD) that determines whether secure or non-secure software controls the stream.

Each transaction is classified through a security state determination (SSD) as either SSD secure or SSD non-secure. The current bus transaction provides an SSD_index that points to a bit in the smmu_ssd_reg_* registers. For a given transaction, the device is either SSD secure or SSD non-secure. This bit determines the SSD security state.

For an SSD secure transaction, the APROT[1] signal can indicate whether it is secure or non-secure and the information is generally passed downstream. However, an SSD non-secure transaction is forced by the SMMU to indicate non-secure transaction in the APROT[1] signal on the downstream. For each SSD, set the SMMU_SCR0.CLIENTPD bit field if you want all transactions to bypass the translation process of the SMMU.