Visible to Intel only — GUID: sfo1410068029929
Ixiasoft
Visible to Intel only — GUID: sfo1410068029929
Ixiasoft
7.1.2. Functional Overview
The Security Manager integrates several functions that support the TrustZone* technology, manage security states in the device, and hold secure fuse information.
The main components of the Security Manager architecture include:
- Fuse Control (TEST):
When the HPS is powered, the Security Manager ensures reliable and verified receipt of the fuse information from the Configuration Subsystem (CSS) in the FPGA, stores it in fuse shadow registers and can request further fuse information.
- Security State and Status Check:
This sub-module holds the security state of the system, which is controlled by the fuse bits, hardware and software programming. This sub-module also has the ability to check and raise the level of security.
- Encryption Data Port:
This interface receives authenticated and decrypted boot images from the CSS.
- Support for ECDSA256 (SHA256) authenticated boot.
- Support for AES-based encrypted boot.
- Registers:
- Control Registers configure security state and debug options for the device.
- Status and Error Registers flag transmission errors and interrupts.
- Fuse Shadow Registers hold a copy of the user fuse information.
- Anti-Tamper Control:
On a tamper event, this module sends a signal to the Reset Manager to initiate the scrambling and clearing of all memories, including on-chip RAM, peripheral memories, L1 cache and L2 cache. Upon completion, the Security Manager sends a signal to the FPGA to indicate that the anti-tamper event has been handled.