Visible to Intel only — GUID: noj1719613689950
Ixiasoft
Visible to Intel only — GUID: noj1719613689950
Ixiasoft
13.4.2.4.4. MPFE Firewall Example
The following is an example of how to set up non-secure regions within the memory map that can be only accessed by the appropriate initiator (that is, the MPU, the F2H, or the F2SDRAM initator).
Region Address Range | MPU | F2H | F2SDRAM | Note |
---|---|---|---|---|
0x0000_0000_0000
TOP
0x0011_1110_FFFF |
— | — | — | Region TOP: Only secure MPU transactions are allowed. Only secure F2H transactions are allowed. Only secure F2SDRAM transactions allowed. |
0x0011_1111_0000
Region 0
0x0022_2222_FFFF |
Y | — | — | Region 0: If mpu=1, then secure and non-secure MPU transactions are allowed. If mpu=0, then only secure MPU transactions are allowed.
Only secure F2H transactions are allowed.
Only secure F2SDRAM transactions allowed. |
0x0033_3333_0000
Region 1
0x0044_4444_FFFF |
— | Y | — | Region 1: Only secure MPU transactions are allowed.
If f2h=1, then secure and non-secure F2H transactions are allowed. If f2h=0, then only secure F2H transactions are allowed.
Only secure F2SDRAM transactions are allowed. |
0x0055_5555_0000
Region 2
0x0066_6666_FFFF |
— | — | Y | Region 2: Only secure MPU transactions are allowed.
Only secure F2H transactions are allowed.
If AxUSER[8]=1, then secure and non-secure F2SDRAM transactions are allowed. If AxUSER[8]=0, then all transactions are converted to non-secure and are allowed. |
0x0077_7777_0000
Region 3
0x0088_8888_FFFF |
Y | Y | Y | Region 3: If mpu=1, then secure and non-secure MPU transactions are allowed. If mpu=0, then only secure MPU transactions are allowed.
If f2h=1, then secureandnon-secure F2H transactions are allowed. If f2h=0, then only secure F2H transactions are allowed.
If AxUSER[8]=1, then secure and non-secure F2SDRAM transactions are allowed. If AxUSER[8]=0, then all transactions are converted to non-secure and are allowed. |
MPU Region 0 registers
- DDR_CCU_dmi<1:0>_SCR.mpuregion0addr_base = 0x1111_0000
- DDR_CCU_dmi<1:0>_SCR.mpuregion0addr_baseext = 0x0000_0011
- DDR_CCU_dmi<1:0>_SCR.mpuregion0addr_limit = 0x2222_FFFF
- DDR_CCU_dmi<1:0>_SCR.mpuregion0addr_limitext = 0x0000_0022
F2H Region 1 registers
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion1addr_base = 0x3333_0000
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion1addr_baseext = 0x0000_0033
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion1addr_limit = 0x4444_FFFF
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion1addr_limitext = 0x0000_0044
F2SDRAM Region 2 registers
- DDR_SCR.region2addr_base = 0x5555_0000
- DDR_SCR.region2addr_baseext = 0x0000_0055
- DDR_SCR.region2addr_limit = 0x6666_FFFF
- DDR_SCR.region2addr_limitext = 0x0000_0066
MPU Region 3 registers
- DDR_CCU_dmi<1:0>_SCR.mpuregion3addr_base = 0x7777_0000
- DDR_CCU_dmi<1:0>_SCR.mpuregion3addr_baseext = 0x0000_0077
- DDR_CCU_dmi<1:0>_SCR.mpuregion3addr_limit = 0x8888_FFFF
- DDR_CCU_dmi<1:0>_SCR.mpuregion3addr_limitext = 0x0000_0088
F2H Region 3 registers
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion3addr_base = 0x7777_0000
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion3addr_baseext = 0x0000_0077
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion3addr_limit = 0x8888_FFFF
- DDR_CCU_dmi<1:0>_SCR.nonmpuregion3addr_limitext = 0x0000_0088
F2SDRAM Region 3 registers
- DDR_SCR.region3addr_base = 0x7777_0000
- DDR_SCR.region3addr_baseext = 0x0000_0077
- DDR_SCR.region3addr_limit = 0x8888_FFFF
- DDR_SCR.region3addr_limitext = 0x0000_0088
IO96B registers
- MPFE_SCR.IO96B0_reg = 0x0101 (mpu = 1, f2h = 1)
- MPFE_SCR.IO96B1_reg = 0x0101 (mpu = 1, f2h = 1)
AxUSER[8] signal
- AxUSER[8] = 0x1 (AxPROT settings are used to determine security access)
Enable registers
- DDR_CCU_dmi<1:0>_SCR.enable = 0x0A09 (Regions 0 and 3 enabled for MPU, Regions 1 and 3 enabled for F2H)
- DDR_SCR.enable = 0x000C (Regions 2 and 3 enabled for F2SDRAM