Intel® Quartus® Prime Standard Edition User Guide: Platform Designer

ID 683364
Date 12/15/2018
Public
Document Table of Contents

1.10.2. Specifying a Default Slave

If a master issues "per-access" or "not allowed" transactions, your design must contain a default slave. Per-access refers to the ability of a TrustZone* -aware master to allow or disallow access or transactions.

You can achieve an optimized secure system by partitioning your design and carefully designating secure or non-secure address maps to maintain reliable data. Avoid a design that includes a non-secure master that initiates transactions to a secure slave resulting in unsuccessful transfers, within the same hierarchy.

A transaction that violates security is rerouted to the default slave and subsequently responds to the master with an error. The following rules apply to specifying a default slave:

  • You can designate any slave as the default slave.
  • You can share a default slave between multiple masters.
  • Have one default slave for each interconnect domain.
  • An interconnect domain is a group of connected memory-mapped masters and slaves that share the same interconnect. The altera_error_response_slave component includes the required TrustZone* features.
To designate a slave interface as the default slave for non TrustZone* -aware interfaces, follow these steps:
  1. Specify interconnect security settings, as Configuring Platform Designer System Security describes.
  2. In the System View , right-click any column and turn on the Security and Default Slave columns.
  3. In the System View tab, turn on the Default Slave option for the slave interface. A master can have only one default slave.
Table 12.  Secure and Non-Secure Access Between Master, Slave, and Memory Components

Transaction Type

TrustZone* -aware Master

Non- TrustZone* -aware Master

Secure

Non- TrustZone* -aware Master

Non-Secure

TrustZone* -aware slave/memory

OK

OK

OK

Non- TrustZone* -aware slave (secure)

Per-access

OK

Not allowed

Non- TrustZone* -aware slave (non-secure)

OK

OK

OK

Non- TrustZone* -aware memory (secure region)

Per-access

OK

Not allowed

Non- TrustZone* -aware memory (non-secure region)

OK

OK

OK