Quartus® Prime Pro Edition User Guide: Platform Designer

ID 683609
Date 9/30/2024
Public
Document Table of Contents

1.11. Configuring Platform Designer System Security

Specify system or interconnect Security requirements on the Domains tab.

Platform Designer interconnect supports the Arm* TrustZone® security extension. The Platform Designer Arm* TrustZone® security extension includes secure and non-secure transaction designations, and a protocol for processing between the designations.

The AXI AxPROT protection signal specifies a secure or non-secure transaction. When an AXI manager sends a command, the AxPROT signal specifies whether the command is secure or non-secure. When an AXI subordinate receives a command, the AxPROT signal determines whether the command is secure or non-secure. Determining the security of a transaction while sending or receiving a transaction is a run-time protocol.

AXI managers and subordinates can be TrustZone® -aware. All other host and agent interfaces, such as Avalon® memory mapped interfaces, are non- TrustZone® -aware.

The Avalon® specification does not include a protection signal. Consequently, when an Avalon® host sends a command, there is no embedded security and Platform Designer recognizes the command as non-secure. Similarly, when an Avalon® agent receives a command, the agent always accepts the command and responds.

To set compile-time security support for non- TrustZone® -aware components:
  1. To begin creating a secure system, add Avalon hosts and agents and AXI managers and subordinates to your system, as Adding IP Components to a System describes.
  2. Make connections between the hosts and agents and between the managers and subordinates in your system, as Connecting Hosts and Agents describes.
  3. Click View > Domains.
    Figure 75. Security Settings in Domains Tab
  4. To specify security requirements for an interconnect, click the Interface tab under Interconnect Parameters,
  5. Click the Add button.
  6. In the Identifier column, select the interconnect in the new_target cell.
  7. In the Setting column, select Security.
  8. In the Value column, select the appropriate Secure, Non-Secure, Secure Ranges, or TrustZone-aware security for the interface. Refer to System Security Options for details of each option.
  9. After setting compile-time security options for non- TrustZone® -aware manager and subordinate interfaces, you must identify those managers that require a default subordinate before generation, as Specifying a Default Avalon Agent or AXI Subordinate describes.
This document now refers to the Avalon® "host" and "agent," and the AXI "manager" and "subordinate," to replace formerly used terms with inclusive language. Refer to the current AMBA AXI and ACE Protocol Specification for the latest AMBA AXI and ACE protocol terminology.