Visible to Intel only — GUID: sfo1410068061002
Ixiasoft
Visible to Intel only — GUID: sfo1410068061002
Ixiasoft
7.2.2.2.3. On-Chip RAM Firewall
At reset all memories are secure. Out of reset, regions of memories can be configured for non-secure accesses.
The on-chip RAM is divided into six regions, where the granularity of the address boundary is 4 KB. Within each region, a non-secure or shared memory region can be assigned by programming a base and limit value in the corresponding regionNaddr register, with N denoting the region number. Each of these regions can be enabled by writing to the enable register or setting the corresponding bit in the enable_set register.
When an incoming transaction falls within any enabled non-secure regions, the firewall allows both secure and non-secure packets. When the transaction is outside of any enabled regions, the firewall only allows secure packets.
When a transaction packet is sent from a master, the master also drives a secure master flag signal on the bus. This flag indicates whether the attempted transaction from the master is for a secure or non-secure memory region. When the flag signal is driven high, it indicates a secure access. When the flag signal is low it indicates a non-secure access.