Visible to Intel only — GUID: mwh1409958641802
Ixiasoft
Visible to Intel only — GUID: mwh1409958641802
Ixiasoft
1.9. Configuring Platform Designer System Security
Platform Designer interconnect supports the Arm* TrustZone® security extension. The Platform Designer Arm* TrustZone® security extension includes secure and non-secure transaction designations, and a protocol for processing between the designations, as describes.
The AXI AxPROT protection signal specifies a secure or non-secure transaction. When an AXI master sends a command, the AxPROT signal specifies whether the command is secure or non-secure. When an AXI slave receives a command, the AxPROT signal determines whether the command is secure or non-secure. Determining the security of a transaction while sending or receiving a transaction is a run-time protocol.
AXI masters and slaves can be TrustZone® -aware. All other host and agent interfaces, such as Avalon® memory mapped interfaces, are non- TrustZone® -aware.
The Avalon® specification does not include a protection signal. Consequently, when an Avalon® host sends a command, there is no embedded security and Platform Designer recognizes the command as non-secure. Similarly, when an Avalon® agent receives a command, the agent always accepts the command and responds.
- To begin creating a secure system, add hosts and slaves to your system, as Adding IP Components to a System describes.
- Make connections between the hosts and slaves in your system, as Connecting Hosts and Agents describes.
- Click View > Domains.
Figure 38. Security Settings in Domains Tab
- To specify security requirements for an interconnect, click the Interface tab under Interconnect Parameters,
- Click the Add button.
- In the Identifier column, select the interconnect in the new_target cell.
- In the Setting column, select Security.
- In the Value column, select the appropriate Secure, Non-Secure, Secure Ranges, or TrustZone-aware security for the interface. Refer to System Security Options for details of each option.
- After setting compile-time security options for non- TrustZone® -aware master and slave interfaces, you must identify those masters that require a default slave before generation, as Specifying a Default Slave.