Intel® Quartus® Prime Pro Edition User Guide: Platform Designer

ID 683609
Date 10/04/2021
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

1.9. Configuring Platform Designer System Security

Specify system or interconnect Security requirements on the Domains tab.

Platform Designer interconnect supports the Arm* TrustZone® security extension. The Platform Designer Arm* TrustZone® security extension includes secure and non-secure transaction designations, and a protocol for processing between the designations, as describes.

The AXI AxPROT protection signal specifies a secure or non-secure transaction. When an AXI master sends a command, the AxPROT signal specifies whether the command is secure or non-secure. When an AXI slave receives a command, the AxPROT signal determines whether the command is secure or non-secure. Determining the security of a transaction while sending or receiving a transaction is a run-time protocol.

AXI masters and slaves can be TrustZone® -aware. All other host and agent interfaces, such as Avalon® memory mapped interfaces, are non- TrustZone® -aware.

The Avalon® specification does not include a protection signal. Consequently, when an Avalon® host sends a command, there is no embedded security and Platform Designer recognizes the command as non-secure. Similarly, when an Avalon® agent receives a command, the agent always accepts the command and responds.

To set compile-time security support for non- TrustZone® -aware components:
  1. To begin creating a secure system, add hosts and slaves to your system, as Adding IP Components to a System describes.
  2. Make connections between the hosts and slaves in your system, as Connecting Hosts and Agents describes.
  3. Click View > Domains.
    Figure 38. Security Settings in Domains Tab
  4. To specify security requirements for an interconnect, click the Interface tab under Interconnect Parameters,
  5. Click the Add button.
  6. In the Identifier column, select the interconnect in the new_target cell.
  7. In the Setting column, select Security.
  8. In the Value column, select the appropriate Secure, Non-Secure, Secure Ranges, or TrustZone-aware security for the interface. Refer to System Security Options for details of each option.
  9. After setting compile-time security options for non- TrustZone® -aware master and slave interfaces, you must identify those masters that require a default slave before generation, as Specifying a Default Slave.