Visible to Intel only — GUID: mwh1409958641802
Ixiasoft
Visible to Intel only — GUID: mwh1409958641802
Ixiasoft
1.10. Configuring Platform Designer System Security
Platform Designer interconnect supports the Arm* TrustZone* security extension. The Platform Designer Arm* TrustZone* security extension includes secure and non-secure transaction designations, and a protocol for processing between the designations, as Table 12 describes.
The AXI AxPROT protection signal specifies a secure or non-secure transaction. When an AXI master sends a command, the AxPROT signal specifies whether the command is secure or non-secure. When an AXI slave receives a command, the AxPROT signal determines whether the command is secure or non-secure. Determining the security of a transaction while sending or receiving a transaction is a run-time protocol.
AXI masters and slaves can be TrustZone* -aware. All other master and slave interfaces, such as Avalon® -MM interfaces, are non- TrustZone* -aware.
The Avalon® specification does not include a protection signal. Consequently, when an Avalon® master sends a command, there is no embedded security and Platform Designer recognizes the command as non-secure. Similarly, when an Avalon® slave receives a command, the slave always accepts the command and responds.
- To begin creating a secure system, add masters and slaves to your system, as Adding IP Components to a System describes.
- Make connections between the masters and slaves in your system, as Connecting Masters and Slaves describes.
- Click View > Interconnect Requirements. The Interconnect Requirements tab allows you to specify system-wide and interconnect-specific requirements.
- To specify security requirements for an interconnect, click the Add button.
- In the Identifier column, select the interconnect in the new_target cell.
- In the Setting column, select Security.
- In the Value column, select the appropriate Secure, Non-Secure, Secure Ranges, or TrustZone-aware security for the interface. Refer to System Security Options for details of each option.
Figure 27. Security Settings in Interconnect Requirements Tab
- After setting compile-time security options for non- TrustZone* -aware master and slave interfaces, you must identify those masters that require a default slave before generation, as Specifying a Default Slave.