Intel® Quartus® Prime Pro Edition User Guide: Platform Designer

ID 683609
Date 10/04/2021
Public

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

1.9.2. Specifying a Default Slave

If an AXI master issues "per-access" or "not allowed" transactions, your design must contain a default slave. Per-access refers to the ability of a TrustZone® -aware AXI master to allow or disallow access or transactions.

You can achieve an optimized secure system by partitioning your design and carefully designating secure or non-secure address maps to maintain reliable data. Avoid a design that includes a non-secure AXI master that initiates transactions to a secure slave resulting in unsuccessful transfers, within the same hierarchy.

A transaction that violates security is rerouted to the default slave and subsequently responds to the AXI master with an error. The following rules apply to specifying a default slave:

  • You can designate any slave as the default slave.
  • You can share a default slave between multiple AXI masters.
  • Have one default slave for each interconnect domain.
  • An interconnect domain is a group of connected memory-mapped masters and slaves that share the same interconnect. The altera_error_response_slave component includes the required TrustZone® features.
To designate a slave interface as the default slave for non TrustZone® -aware interfaces, follow these steps:
  1. Specify interconnect security settings, as Configuring Platform Designer System Security describes.
  2. In the System View , right-click any column and turn on the Security and Default Slave columns.
  3. In the System View tab, turn on the Default Slave option for the slave interface. A master can have only one default slave.
    Figure 39. Security and Default Slave Columns
Table 15.  Secure and Non-Secure Access Between Master, Slave, and Memory Components

Transaction Type

TrustZone® -aware Master

Non- TrustZone® -aware Master

Secure

Non- TrustZone® -aware Master

Non-Secure

TrustZone® -aware slave/memory

OK

OK

OK

Non- TrustZone® -aware slave (secure)

Per-access

OK

Not allowed

Non- TrustZone® -aware slave (non-secure)

OK

OK

OK

Non- TrustZone® -aware memory (secure region)

Per-access

OK

Not allowed

Non- TrustZone® -aware memory (non-secure region)

OK

OK

OK