Hard Processor System Technical Reference Manual: Agilex™ 5 SoCs

ID 814346
Date 7/19/2024
Public

13.4.2. Firewall and Security

TrustZone* is enforced by firewalls implemented on the target datapath. After reset, every target on the system interconnect is in the secure state. This feature is referred to as boot secure.

Changing the security state of a target requires a secure write to the appropriate security control register (SCR).

Firewalls check the secure bit of a transaction against the secure state of the target. A transaction that passes the firewall proceeds normally to the target. A transaction that fails the firewall results in an error response with data set to 0. Transactions that fail the firewall are never presented to the target interface.

The SCRs, implemented in the system interconnect, control the security state of each target. The SCR is an internal target on the system interconnect, accessed through the service network. You can configure the target security state on a per-initiator basis. This means that the SCR associated with each target contains multiple secure state bits, one for each initiator allowed to access it.

Firewalls work in the following order:

  1. Based on the transaction's destination target, fetch the entire target SCR.
  2. Based on the transaction's originating initiator, read the initiator-specific secure bit in the SCR.
  3. Compare the secure bit with the transaction's secure attribute to determine if the transaction should pass the firewall.

The table below shows how the secure state of a target is used with the transaction security bit to determine if a transaction passes or fails.

Table 369.  Target Security Decision Table

| Transaction Security Bit | Initiator-Target Specific SCR Bit | Result |
|---|---|---|
| 0 – Non-Secure | 0 – Secure | Fail |
| 1 – Secure | 0 – Secure | Pass – transaction sent to target |
| 0 – Non-Secure | 1 – Non-Secure | Pass – transaction sent to target |
| 1 – Secure | 1 – Non-Secure | Pass – transaction sent to target |
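
The following C model is an added example, not code from this manual: it walks the three firewall steps, the boot-secure reset state, and the decision table above in software. The target and initiator counts, the one-bit-per-initiator SCR layout, and all function names are assumptions made for illustration, not the device's register map.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Behavioral model only: counts and bit layout (bit i = initiator i)
 * are assumptions for illustration, not the device register map. */
#define NUM_TARGETS    4u
#define NUM_INITIATORS 8u

static uint32_t scr[NUM_TARGETS];         /* per-initiator bits: 0 = secure, 1 = non-secure */
static uint32_t target_mem[NUM_TARGETS];  /* constructed sample data behind each target */
static unsigned target_hits[NUM_TARGETS]; /* transactions actually presented to the target */

/* Reset: every SCR bit is 0, so every target is secure ("boot secure"). */
void fw_reset(void) {
    for (unsigned t = 0; t < NUM_TARGETS; t++) {
        scr[t] = 0; target_mem[t] = 0xA5A50000u + t; target_hits[t] = 0;
    }
}

/* Only a secure write may change a target's security state. */
bool scr_write(unsigned target, uint32_t value, bool txn_secure) {
    if (target >= NUM_TARGETS || !txn_secure) return false;
    scr[target] = value;
    return true;
}

/* Firewall read path. Returns true on pass; on fail returns false
 * (error response) with *data = 0 and the target never sees the access. */
bool fw_read(unsigned initiator, unsigned target, bool txn_secure, uint32_t *data) {
    *data = 0;
    if (target >= NUM_TARGETS || initiator >= NUM_INITIATORS) return false;
    uint32_t reg = scr[target];                       /* 1. fetch the entire target SCR */
    bool tgt_nonsecure = (reg >> initiator) & 1u;     /* 2. initiator-specific bit      */
    if (!txn_secure && !tgt_nonsecure) return false;  /* 3. non-secure -> secure fails  */
    target_hits[target]++;                            /* passed: presented to target    */
    *data = target_mem[target];
    return true;
}
unsigned fw_target_hits(unsigned target) { return target_hits[target]; }

int main(void) {
    uint32_t d;
    fw_reset();
    printf("NS read after reset: %s\n", fw_read(2, 1, false, &d) ? "pass" : "fail");
    scr_write(1, 1u << 2, true);  /* secure write opens target 1 to initiator 2 only */
    printf("NS read after SCR update: %s\n", fw_read(2, 1, false, &d) ? "pass" : "fail");
    return 0;
}
```

Because the SCR bit is per initiator, opening target 1 to initiator 2 leaves non-secure accesses from every other initiator blocked.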