Visible to Intel only — GUID: iyy1481129317936
Ixiasoft
Visible to Intel only — GUID: iyy1481129317936
Ixiasoft
5.4.6. Security State Determination
There are two concepts of security in the SMMU:
- A transaction is either secure or non-secure depending on the value of the APROT[1] signal.
- The stream has an assigned security state determination (SSD) that determines whether secure or non-secure software controls the stream.
Each transaction is classified through a security state determination (SSD) as either SSD secure or SSD non-secure. The current bus transaction provides an SSD_index that points to a bit in the smmu_ssd_reg_* registers. For a given transaction, the device is either SSD secure or SSD non-secure. This bit determines the SSD security state.
For an SSD secure transaction, the APROT[1] signal can indicate whether it is secure or non-secure and the information is generally passed downstream. However, an SSD non-secure transaction is forced by the SMMU to indicate non-secure transaction in the APROT[1] signal on the downstream. For each SSD, set the SMMU_SCR0.CLIENTPD bit field if you want all transactions to bypass the translation process of the SMMU.