Intel® Arria® 10 Hard Processor System Technical Reference Manual

ID 683711
Date 1/10/2023
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

7.2.2.4. Master Security Policy

Each master has an inherent security transaction capability.

Masters accessing slaves can be configured to one of three different security policies:

  • Per transaction: The master is capable of generating secure and non-secure transactions.
  • Secure: The master only supplies secure transactions.
  • Non-secure: The master only generates non-secure transactions.
At reset, all accesses default to secure transactions. The table below details the transaction capability of each master within the SoC. Some masters are only capable of non-secure transactions.
Table 43.  Master Transaction Capability

Master

Transaction Capability

DMA

Secure/Non-secure

DAP

Secure/Non-secure

USB OTG 0/1

Non-secure

SD/MMC

Non-secure

EMAC0/1/2

Secure/Non-secure

NAND

Non-secure

FPGA-to HPS Bridge

Secure/Non-secure

ETR

Secure/Non-secure

MPU

Secure/Non-secure

FPGA-to-SDRAM

Secure/Non-secure

Security policies are based on secure and privilege attributes. For instance, if CPU0 is configured to access NAND registers in both secure and non-secure mode and CPU0 attempts an access when the core is in secure or non-secure mode, no error occurs. However, if CPU0 is allowed to access NAND registers only in secure mode and CPU0 is operating in non-secure mode, then CPU0 receives an error response when accessing the NAND registers. If both the security firewall and privilege firewall are implemented, security firewall filters all of the accesses. If an access fails, random data or an error response is sent to the master, depending on how the error_response bit in the global register of the noc_fw_ddr_l3_ddr_scr module is programmed. If access is granted by the security firewall, then the transaction enters the privilege firewall. If access is granted, the request enters the peripheral IP.

Note: Future devices may not support the return of random data and may only support an error response for blocked firewall transactions. For designs that may be ported to future devices, Intel recommends you to set the error_response bit in the global register.