Hard Processor System Technical Reference Manual: Agilex™ 5 SoCs
A newer version of this document is available. Customers should click here to go to the newest version.
13.4.2.4.4. MPFE Firewall Example
The following is an example of how to set up non-secure regions within the memory map that can be only accessed by the appropriate initiator (that is, the MPU, the F2H, or the F2SDRAM initator).
Region Address Range | MPU | F2H | F2SDRAM | Note |
---|---|---|---|---|
0x0000_0000_0000
TOP
0x0011_1110_FFFF |
— | — | — | Region TOP: Only secure MPU transactions are allowed. Only secure F2H transactions are allowed. Only secure F2SDRAM transactions allowed. |
0x0011_1111_0000
Region 0
0x0022_2222_FFFF |
Y | — | — | Region 0: If mpu=1, then secure and non-secure MPU transactions are allowed. If mpu=0, then only secure MPU transactions are allowed.
Only secure F2H transactions are allowed.
Only secure F2SDRAM transactions allowed. |
0x0033_3333_0000
Region 1
0x0044_4444_FFFF |
— | Y | — | Region 1: Only secure MPU transactions are allowed.
If f2h=1, then secure and non-secure F2H transactions are allowed. If f2h=0, then only secure F2H transactions are allowed.
Only secure F2SDRAM transactions are allowed. |
0x0055_5555_0000
Region 2
0x0066_6666_FFFF |
— | — | Y | Region 2: Only secure MPU transactions are allowed.
Only secure F2H transactions are allowed.
If AxUSER[8]=1, then secure and non-secure F2SDRAM transactions are allowed. If AxUSER[8]=0, then all transactions are converted to non-secure and are allowed. |
0x0077_7777_0000
Region 3
0x0088_8888_FFFF |
Y | Y | Y | Region 3: If mpu=1, then secure and non-secure MPU transactions are allowed. If mpu=0, then only secure MPU transactions are allowed.
If f2h=1, then secureandnon-secure F2H transactions are allowed. If f2h=0, then only secure F2H transactions are allowed.
If AxUSER[8]=1, then secure and non-secure F2SDRAM transactions are allowed. If AxUSER[8]=0, then all transactions are converted to non-secure and are allowed. |
MPU Region 0 registers
- DDR_CCU_dmi<1:0>_SCR.mpuregion0addr_base = 0x1111_0000
- DDR_CCU_dmi<1:0>_SCR.mpuregion0addr_baseext = 0x0000_0011
- DDR_CCU_dmi<1:0>_SCR.mpuregion0addr_limit = 0x2222_FFFF
- DDR_CCU_dmi<1:0>_SCR.mpuregion0addr_limitext = 0x0000_0022
F2H Region 1 registers
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion1addr_base = 0x3333_0000
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion1addr_baseext = 0x0000_0033
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion1addr_limit = 0x4444_FFFF
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion1addr_limitext = 0x0000_0044
F2SDRAM Region 2 registers
- DDR_SCR.region2addr_base = 0x5555_0000
- DDR_SCR.region2addr_baseext = 0x0000_0055
- DDR_SCR.region2addr_limit = 0x6666_FFFF
- DDR_SCR.region2addr_limitext = 0x0000_0066
MPU Region 3 registers
- DDR_CCU_dmi<1:0>_SCR.mpuregion3addr_base = 0x7777_0000
- DDR_CCU_dmi<1:0>_SCR.mpuregion3addr_baseext = 0x0000_0077
- DDR_CCU_dmi<1:0>_SCR.mpuregion3addr_limit = 0x8888_FFFF
- DDR_CCU_dmi<1:0>_SCR.mpuregion3addr_limitext = 0x0000_0088
F2H Region 3 registers
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion3addr_base = 0x7777_0000
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion3addr_baseext = 0x0000_0077
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion3addr_limit = 0x8888_FFFF
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion3addr_limitext = 0x0000_0088
F2SDRAM Region 3 registers
- DDR_SCR.region3addr_base = 0x7777_0000
- DDR_SCR.region3addr_baseext = 0x0000_0077
- DDR_SCR.region3addr_limit = 0x8888_FFFF
- DDR_SCR.region3addr_limitext = 0x0000_0088
IO96B registers
- MPFE_SCR.IO96B0_reg = 0x0101 (mpu = 1, f2h = 1)
- MPFE_SCR.IO96B1_reg = 0x0101 (mpu = 1, f2h = 1)
AxUSER[8] signal
- AxUSER[8] = 0x1 (AxPROT settings are used to determine security access)
Enable registers
- DDR_CCU_dmi<1:0>_SCR.enable = 0x0A09 (Regions 0 and 3 enabled for MPU, Regions 1 and 3 enabled for F2H)
- DDR_SCR.enable = 0x000C (Regions 2 and 3 enabled for F2SDRAM