Example Of Configuration For Trustzone - Altera Cyclone V Device Handbook
Hide thumbs
Also See for Cyclone V:
- Technical reference (3536 pages) ,
- User manual (136 pages) ,
- Reference manual (66 pages)
Table of Contents
Advertisement
8-14
Example of Configuration for TrustZone
Field
Width
Address_
high
Protection
Fail/allow
Note to Table:
1. Although TID and Port Mask could be redundant, including both in the table allows possible compression
of rules. If masters connected to a port do not have contiguous TIDs, a port-based rule might be more
efficient than a TID-based rule, in terms of the number of rules needed.
A port has a default access status of either allow or fail, nd rules with the opposite allow/fail value can override
the default. The system evaluates each transaction against every rule in the memory protection table. A
transaction received on a port which by default allows access, would fail only if a rule with the fail bit matches
the transaction. Conversely, a port which by default prevents access, would allow access only if a rule allows
that transaction to pass.
Exclusive transactions are security checked on the read operation only. A write operation can occur only if
a valid read is marked in the internal exclusive table. Consequently, a master performing an exclusive read
followed by a write, can write to memory only if the exclusive read was successful.
Related Information
http://www.arm.com
Information about TrustZone
Example of Configuration for TrustZone
For a TrustZone configuration, memory is divided into a range of memory accessible by secure masters and
a range of memory accessible by nonsecure masters. The two memory address ranges may have a range of
memory that overlaps.
This example implements the following memory configuration:
• 2 GB total RAM size
• 0 512 MB dedicated secure area
• 513 576 MB shared area
• 577 2048 MB dedicated nonsecure area
In this example, each port is configured by default to disallow all accesses. The following table shows the
two rules programmed into the memory protection table.
Table 8-5: Rules in Memory Protection Table for Example Configuration
Rule #
Port Mask
1
0'b1111111111
2
0'b1111111111
Altera Corporation
12
Upper limit of address. Incoming addresses match if they are less than or equal
to this value.
2
A value of 00 indicates that the protection bit is not set; a value of 01 sets the
protection bit. Systems that do not set AXI protection to a known value should
program this for either protection value.
1
Set this value to 1 to force the operation to fail or succeed.
TID Low
TID High
0
4095
0
4095
Description
Address Low
Address High
0
576
512
2047
cv_54008
2013.12.30
Prot
Fail/Allow
b01
allow
b00
allow
SDRAM Controller Subsystem
Send Feedback
Advertisement
Chapters
Table of Contents
