Intel® Agilex™ Hard Processor System Technical Reference Manual

ID 683567
Date 2/14/2023
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

5.4.6. Security State Determination

There are two concepts of security in the SMMU:

  • A transaction is either secure or non-secure depending on the value of the APROT[1] signal.
  • The stream has an assigned security state determination (SSD) that determines whether secure or non-secure software controls the stream.

Each transaction is classified through a security state determination (SSD) as either SSD secure or SSD non-secure. The current bus transaction provides an SSD_index that points to a bit in the smmu_ssd_reg_* registers. For a given transaction, the device is either SSD secure or SSD non-secure. This bit determines the SSD security state.

For an SSD secure transaction, the APROT[1] signal can indicate whether it is secure or non-secure and the information is generally passed downstream. However, an SSD non-secure transaction is forced by the SMMU to indicate non-secure transaction in the APROT[1] signal on the downstream. For each SSD, set the SMMU_SCR0.CLIENTPD bit field if you want all transactions to bypass the translation process of the SMMU.