Intel® Quartus® Prime Standard Edition User Guide: Platform Designer

ID 683364
Date 12/15/2018
Public
Document Table of Contents

1.10. Configuring Platform Designer System Security

You can specify Platform Designer system and interconnect security settings on the Interconnect Requirements tab.

Platform Designer interconnect supports the Arm* TrustZone* security extension. The Platform Designer Arm* TrustZone* security extension includes secure and non-secure transaction designations, and a protocol for processing between the designations, as Table 12 describes.

The AXI AxPROT protection signal specifies a secure or non-secure transaction. When an AXI master sends a command, the AxPROT signal specifies whether the command is secure or non-secure. When an AXI slave receives a command, the AxPROT signal determines whether the command is secure or non-secure. Determining the security of a transaction while sending or receiving a transaction is a run-time protocol.

AXI masters and slaves can be TrustZone* -aware. All other master and slave interfaces, such as Avalon® -MM interfaces, are non- TrustZone* -aware.

The Avalon® specification does not include a protection signal. Consequently, when an Avalon® master sends a command, there is no embedded security and Platform Designer recognizes the command as non-secure. Similarly, when an Avalon® slave receives a command, the slave always accepts the command and responds.

Follow these steps to set compile-time security support for non- TrustZone* -aware components:
  1. To begin creating a secure system, add masters and slaves to your system, as Adding IP Components to a System describes.
  2. Make connections between the masters and slaves in your system, as Connecting Masters and Slaves describes.
  3. Click View > Interconnect Requirements. The Interconnect Requirements tab allows you to specify system-wide and interconnect-specific requirements.
  4. To specify security requirements for an interconnect, click the Add button.
  5. In the Identifier column, select the interconnect in the new_target cell.
  6. In the Setting column, select Security.
  7. In the Value column, select the appropriate Secure, Non-Secure, Secure Ranges, or TrustZone-aware security for the interface. Refer to System Security Options for details of each option.
    Figure 27. Security Settings in Interconnect Requirements Tab
  8. After setting compile-time security options for non- TrustZone* -aware master and slave interfaces, you must identify those masters that require a default slave before generation, as Specifying a Default Slave.