Agilex™ 7 Hard Processor System Technical Reference Manual

ID 683567
Date 8/13/2024
Public
Document Table of Contents

6.1.2.1.3. Slave Security

The system interconnect enforces security through the slave settings. The slave settings are controlled by the Interconnect Security Control Register (SCR) in the service network.

Firewalls protect certain L3 and L4 slaves. Each of these slaves has its own security check and programmable security settings. After reset, every slave of the system interconnect is in a secure state. This feature is called boot secure. Only secure masters can access secure slaves.

The system interconnect implements seven firewalls to check the security state of each slave, as listed in the following table. At reset time, all firewalls default to the secure state.

Table 53.  System Interconnect FirewallsThe main system interconnect contains firewalls configured as shown in the following table.
Name Description
Peripherals Firewall Filter access to slave peripherals (SPs) in the following buses:
  • L4 main bus
  • L4 master peripherals bus
  • L4 AHB bus
  • L4 slave peripherals bus
System Firewall Filter access to system peripherals in the following components:
  • L4 system bus
  • L4 ECC bus
  • DAP
  • System Trace Macrocell (STM)
  • L4 hard memory controller (HMC)
  • L4 bus registers (SCR firewall, and probes)
Lightweight HPS-to-FPGA Firewall Controls access through the lightweight HPS-to-FPGA bridge
TCU Firewall Controls access to the TCU. The system interconnect interfaces to the TCU through a 64-bit AXI bus.
DAP Firewall Controls access to the CoreSight APB DAP
HPS-to-FPGA Firewall Filter access to FPGA through the HPS-to-FPGA bridge.
DDR L3 Firewalls Filter access to DDR and HMC Configuration Register

In addition to the firewalls listed above, the following slaves are protected by firewalls implemented outside the system interconnect:

Table 54.  Firewalls Outside the System Interconnect
Slave Name Comment
On-chip RAM Module - 256KB Firewall in CCU
Note: At reset, the privilege filters are configured to allow certain L4 slaves to receive only secure transactions. Software must either configure bridge secure at startup, or reconfigure the privilege filters to accept non-secure transactions.

To change the security state, you must perform a secure write to the appropriate SCR register of a secure slave. A non-secure access to the SCR register of a secure slave triggers a bus error.

The following slaves are not protected by firewalls:

Table 55.  Slaves Without Firewalls
Slave Name Comment
GIC GIC implements its own security extensions
STM STM implements its own master security through master IDs
L4_Generic Timestamp Fixed Secure/Non-Secure by interconnect, no configuration required.
DMA DMA implements its own security extensions