Visible to Intel only — GUID: mra1710281537590
Ixiasoft
Visible to Intel only — GUID: mra1710281537590
Ixiasoft
13.4.2.4.1. CCU-to-DDR Firewalls (MPU Firewall and F2H Firewall)
The MPFE NoC implements a firewall on the output of the CCU_DMI0 and CCU_DMI1 initiator NIUs that supports 8 memory regions. The firewall region can be configured by software to be as small as 64 kbytes or as large as 128 Gbytes, aligned to a 64 kbyte boundary.
- AxUSER[7:0] must be set to 0x04
The firewall checks the Secure bit of a transaction (AxPROT) against the secure state of the slave. A transaction that passes the firewall proceeds normally to the slave. A transaction that fails the firewall receives an error response with random data. Transactions that fail the firewall must never be presented to the slave interface.
DDR_CCU_dmi0_SCR | Must Equal | DDR_CCU_dmi1_SCR |
---|---|---|
mpuregion<n>addr_base | = | mpuregion<n>addr_base |
mpuregion<n>addr_baseext | = | mpuregion<n>addr_baseext |
mpuregion<n>addr_limit | = | mpuregion<n>addr_limit |
mpuregion<n>addr_limitext | = | mpuregion<n>addr_limitext |
nonmpuregion<n>addr_base | = | nonmpuregion<n>addr_base |
nonmpuregion<n>addr_baseext | = | nonmpuregion<n>addr_baseext |
nonmpuregion<n>addr_limit | = | nonmpuregion<n>addr_limit |
nonmpuregion<n>addr_limitext | = | nonmpuregion<n>addr_limitext |
MPFE_SCR.IO96B0_reg[mpu] | = | MPFE_SCR.IO96B1_reg[mpu] |
MPFE_SCR.IO96B0_reg[f2h] | = | MPFE_SCR.IO96B1_reg[f2h] |
“mpuregion” is associated with MPU transactions.
“nonmpuregion” is associated with F2H transactions.
For the MPU-to-SDRAM path, the firewall checks the secure bit of a transaction (AxPROT[1]) against the secure state of the slave (IO96B0_reg[mpu] = IO96B1_reg[mpu]), as described in the following table.
MPU AxPROT[1] | IO96B<1:0>_reg[mpu] | Result |
---|---|---|
0 – Secure | 0 – Secure | Pass – transaction allowed for entire DRAM space |
0 – Secure | 1 – Non-Secure | Pass – transaction allowed for entire DRAM space |
1 – Non-Secure | 0 – Secure | Fail |
1 – Non-Secure | 1 – Non-Secure | Pass – transaction only allowed in 8 regions for MPU |
For the F2H-to-SDRAM path, the firewall checks the secure bit of a transaction (AxPROT[1]) against the secure state of the slave (IO96B0_reg[f2h]=IO96B1_reg[f2h]), as described in the following table.
F2H AxPROT[1] |
IO96B<1:0>_reg[f2h] | Result |
---|---|---|
0 – Secure | 0 – Secure | Pass – transaction allowed for entire DRAM space |
0 – Secure | 1 – Non-Secure | Pass – transaction allowed for entire DRAM space |
1 – Non-Secure | 0 – Secure | Fail |
1 – Non-Secure | 1 – Non-Secure | Pass – transaction only allowed in 8 regions for F2H |